Logstash filter plugin for command line output

Hello everyone,

I am new to Logstash and need help.
I want to send command line output from multiple systems to Elasticsearch via Logstash. Which filter plugin is suitable for this? Below is the sample command line output from 2 systems. I tried the grok filter, but the grok function works on a single input line.

Below is my sample input file containing the command line output of 2 systems:


Bcd-n123z01-BB123a-ABC001122334455
11.222.333.444

Cluster cluster-1
operational-status: ok
transitioning-indications:
transitioning-progress:
health-state: ok
health-indications:
local-com: ok

Cluster cluster-2
operational-status: ok
transitioning-indications:
transitioning-progress:
health-state: ok
health-indications:
local-com: ok

wan-com: ok

Xyz-h123z01-NM987b-XYZ009988776655
11.22.333.55

Cluster cluster-1
operational-status: ok
transitioning-indications:
transitioning-progress:
health-state: ok
health-indications:
local-com: ok

Cluster cluster-2
operational-status: ok
transitioning-indications:
transitioning-progress:
health-state: ok
health-indications:
local-com: ok

wan-com: ok

For the above example input, I want the output as

system name: "Bcd-b123z01-VP123a-ABC001122334455"
IP: "11.222.333.444"
cluster-1.operational-status: ok
cluster-1.transitioning-indications:
cluster-1.transitioning-progress:
cluster-1.health-state: ok
cluster-1.health-indications:
cluster-1.local-com: ok
cluster-2.operational-status: ok
cluster-2.transitioning-indications:
cluster-2.transitioning-progress:
cluster-2.health-state: ok
cluster-2.health-indications:
cluster-2.local-com: ok
system name: "Xyz-h123z01-NM987b-XYZ009988776655"
IP: "11.22.333.55"
cluster-1.operational-status: ok
cluster-1.transitioning-indications:
cluster-1.transitioning-progress:
cluster-1.health-state: ok
cluster-1.health-indications:
cluster-1.local-com: ok
cluster-2.operational-status: ok
cluster-2.transitioning-indications:
cluster-2.transitioning-progress:
cluster-2.health-state: ok
cluster-2.health-indications:
cluster-2.local-com: ok

Thank you in advance :)
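
An added example, not part of the original post: a plain-Ruby parser for the output format shown above, giving one record per system with cluster keys flattened as in the desired output. The name `parse_systems`, the shortened sample text, and keeping `wan-com` as a top-level field are assumptions; in Logstash the same logic could run in a ruby filter once the lines belonging to one system have been joined into a single event.

```ruby
# Hypothetical helper: field names follow the desired output in the post.
KEY_VALUE = /\A([\w-]+):\s*(.*)\z/   # "health-state: ok" or "health-indications:"
CLUSTER   = /\ACluster\s+(\S+)\z/    # "Cluster cluster-1"
# Returns one Hash per system, with cluster keys flattened to "cluster-N.key".
def parse_systems(text)
  systems = []
  current = nil   # Hash for the system being read
  cluster = nil   # name of the Cluster section being read, if any
  text.each_line do |raw|
    line = raw.strip
    if line.empty?
      cluster = nil                        # a blank line ends a Cluster section
    elsif (m = CLUSTER.match(line))
      cluster = m[1]
    elsif (m = KEY_VALUE.match(line))
      next if current.nil?                 # key/value seen before any system header
      key = cluster ? "#{cluster}.#{m[1]}" : m[1]
      current[key] = m[2]                  # empty values are kept as ""
    elsif current && !current.key?("IP")
      current["IP"] = line                 # second header line is the address
    else
      current = { "system name" => line }  # any other line starts a new system
      systems << current
      cluster = nil
    end
  end
  systems
end
# Constructed sample, shortened from the input in the post.
SAMPLE = <<~TEXT
  Bcd-n123z01-BB123a-ABC001122334455
  11.222.333.444

  Cluster cluster-1
  operational-status: ok
  transitioning-indications:

  Cluster cluster-2
  local-com: ok

  wan-com: ok

  Xyz-h123z01-NM987b-XYZ009988776655
  11.22.333.55

  Cluster cluster-1
  operational-status: ok
TEXT
puts parse_systems(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

The address line is stored as written rather than validated, since the sample values in the post are not valid IPv4 addresses.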
