Input from kafka to logstash

Harsha606 · June 7, 2019, 10:39am

Hi All,

my architecture is as below

filebeat -> kafka -> logstash -> elastic

from, filebeat i am successfully pushing logs to kafka, what i observed in kafka topic message is log":{"file":{"path":"/mnt/volume0/XXXX-v2-free-service/services/free-v-2-0-13/namesrv/logs/name-srv-express-info1.log"},"offset":4501449},"level":"info"}

now my question is, while considering kafka input to logstash, can i do a filter based on log":{"file":{"path": , why i need that is because, as you observe in the folder structure there is folder named free-v-2-0-13 , based on that name i need to add field called version and that folder name changes dynamically!!!
if this can be done, plz explain how....

any help would be really appreciated.

Harsha606 · June 12, 2019, 9:57am

can any one help me on this plz?

Badger · June 12, 2019, 1:56pm

Assuming you have valid JSON coming from kafka, you can use a json filter to parse it. Then you can use grok or dissect to extract the folder name from [log][file][path]

Harsha606 · June 13, 2019, 9:18am

thanks Badger.. it helped me lot!!!

Harsha606 · June 13, 2019, 9:20am

for someone, who is facing same issue, here is the solution for it..

filter {

grok {
match => { "[log][file][path]" => "/mnt/volume0/somename-v[0-9]-free-service/services/(?[^/]+)/" }
}
}

system · July 11, 2019, 9:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Adding Filebeat Fields Logstash	6	452	October 29, 2018
Kafka logstash logs are showing into filebeat logstash index Logstash	11	284	August 11, 2023
How to debug further? Logstash not reading Kafka input Logstash	6	7147	April 16, 2017
Event send Kafka to logstash Logstash	4	455	October 2, 2018
Parse JSON array to flat JSON with filter, or alternative solution Logstash	4	5484	July 6, 2017

Input from kafka to logstash

Related topics