Hi,
Filebeat config:
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - D:\elastic_stack\testLog\*
    - D:\elastic_stack\LogWal\*
So in Logstash, for the first path I want to split the message and add fields, like I did:
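input {
  beats {
    type => "test"
    port => "5044"
  }
}
filter {
  mutate {
    # Split the pipe-delimited message into an array
    split => {"message" => "|"}
    # Copy the first two elements into their own fields
    add_field => { "date" => "%{[message][0]}" }
    add_field => { "version" => "%{[message][1]}" }
  }
}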
For the second path I don't want to split the message or add fields or anything; I just want this block in the output:
output {
  if ("Exception" in [message] or "EXCEPTION" in [message]) {
    email {
      to => "aa@gmail.com"
      via => 'smtp'
      address => 'smtp.gmail.com'
      domain => 'smtp.gmail.com'
      from => 'jo@gmail.com'
      authentication => "plain"
      username => "jo@gmail.com"
      password => "pass"
      subject => 'Alert '
      body => "%{message}"
      port => 25
      use_tls => true
    }
  }
}
Sending the email works if I remove the split, and the split works; I just want to keep both and make the split work just for the first path and the email sending just for the second path.
Thanks in advance.