Merge information from two different lines into single event

I have a log file which has the product id and item sale details on different lines. An example file can be:

useless info
product id: 2455
useless info
Customer Name: xyz1 Price : abc1 Profit: efg1
Customer Name: xyz2 Price : abc2 Profit: efg2
Customer Name: xyz3 Price : abc3 Profit: efg3.
useless info

Now, my requirement is that along with name, price and profit, I also need the product id in my Elasticsearch event data. One way to do this is to find the id and append it to all the lines in the file, but I am looking for a more elegant way to do this using only Logstash. I have tried using multiple matching in grok, but it is only parsing the lines separately, and I am looking for some way which would retain information from previous lines.

Hi @Tarun_Kalluri,

This is an ideal case for the aggregate filter in Logstash.
In this case, you could use the "product id" as the task id, I guess.

Hi Conall, thanks for the suggestion. But as I understand it, the aggregate filter needs to have some common field(s) among different lines to join them together; correct me if I am wrong. But here, one line contains the product_id and nothing else, and the line containing customer details does not contain the id. The id, however, is unique to a file, so I need to copy that information to all the further lines.
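
The carry-forward asked about above, as an added example that is not part of the original thread: plain Ruby (the language of Logstash's ruby filter) that remembers the last product id seen per source file and stamps it onto each later customer line. The class name, field names, file path and the `_no_product_id` tag are assumptions made for illustration, and the logic only holds if lines of one file are processed in order (in Logstash, a single pipeline worker).

```ruby
# Added example: carry "product id" forward onto later customer lines.
PRODUCT_RE  = /\Aproduct id:\s*(?<id>\d+)\s*\z/i
CUSTOMER_RE = /\ACustomer Name:\s*(?<name>\S+)\s+Price\s*:\s*(?<price>\S+)\s+Profit:\s*(?<profit>\S+?)\.?\s*\z/

class ProductIdCarrier
  def initialize
    @current = {} # source file path => last product id seen in that file
  end

  # Returns an event Hash for customer lines, nil for every other line.
  def process(path, line)
    line = line.strip
    if (m = PRODUCT_RE.match(line))
      @current[path] = m[:id] # remember the id, emit no event for this line
      return nil
    end
    m = CUSTOMER_RE.match(line)
    return nil unless m # "useless info" and anything else is dropped
    event = { "customer_name" => m[:name], "price" => m[:price], "profit" => m[:profit] }
    if @current.key?(path)
      event["product_id"] = @current[path]
    else
      event["tags"] = ["_no_product_id"] # customer line seen before any id
    end
    event
  end
end

# Constructed sample, following the log layout shown in the question.
SAMPLE = <<~LOG
  useless info
  product id: 2455
  useless info
  Customer Name: xyz1 Price : abc1 Profit: efg1
  Customer Name: xyz2 Price : abc2 Profit: efg2
  Customer Name: xyz3 Price : abc3 Profit: efg3.
  useless info
LOG

# The path is a hypothetical placeholder; state is kept separately per path.
def parse_sample(path = "/var/log/sales/a.log")
  carrier = ProductIdCarrier.new
  SAMPLE.each_line.map { |l| carrier.process(path, l) }.compact
end

parse_sample.each { |e| puts e } if __FILE__ == $PROGRAM_NAME
```

Keying the state on the file path is what stands in for the missing common field: the product line and the customer lines share nothing except the file they came from.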
