Logging form folder with subfolders

Alex_Kovalyov · August 4, 2017, 3:03pm

Hello!
I have the next structure of logs
/var/log/stash/site1/.log
/var/log/stash/site1/accounts/account1/.log
/var/log/stash/site1/otherKind1/.log
/var/log/stash/site1/otherKind2/.log
so in site can be many subfolders
same site2, site3 etc

How I should use filter grok or others to get in elasticsearch output in index all this subfolders: site1,2,3 (name of sites here), "accounts" and then account names
%{site}
%{site}-%{kind}
%{site}-account-%{account}

Trying to do like this:
input {
file {
path => [ "/var/log/stash/**/.log" ]
type => "file"
}
}
filter {
grok {
match => {"path" => "/var/log/stash/(?[^/]+)/(?[^/]+)/.log"}
}
grok {
match => {"path" => "/var/log/stash/(?[^/]+)/*.log" }
}
...
}
output {
if [type] == "file" {
elasticsearch {
hosts => "127.0.0.1:9200"
index => "logstash-%{site}-%{kind}-%{+YYYY.MM.dd}"
}
}
stdout { codec => rubydebug }
}

But no results

magnusbaeck · August 7, 2017, 5:27am

Are the site and kind fields being populated, i.e. are the grok filters working? Forget about the elasticsearch output for now, use the stdout { codec => rubydebug } output while debugging.

Alex_Kovalyov · August 8, 2017, 1:27pm

Magnus Bäck, thanks. I found problem and solution

system · September 5, 2017, 1:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sorry if its repeated question about parsing logs from diffrent directories and diffrent indexes Logstash	3	327	June 5, 2017
How to handle multiple inputs with Logstash to different indices Logstash	19	19226	July 6, 2017
Conditional output from filbeat documents logstash to elasticsearch Logstash	3	725	June 4, 2019
Elk + ruby + syslog plugins Elasticsearch	1	670	July 6, 2017
Filter multiple logs from same file to different index Logstash	2	576	June 23, 2020

Logging form folder with subfolders

Related topics