Not able to index timestamp from input filename

Kalyan_MB · April 11, 2019, 6:38pm

Hi,

input file name format: free_data_09_09_18_10.txt <free_data_date_month_hour_min>

i want this time stamp also to be indexed along with input file data, trying with below logstash filter config which is not working as expected any suggestions?

input {
beats {
port => 5044
}
}

filter {

grok { match => { "someField" => "free_data_(?[0-9_]+).txt" } }
date { match => [ "ts", "dd_MM_HH_mm" ] }
if [message] =~ /Mem:/ {
dissect { mapping => {'message' => '%{mem_type->} %{total_mem->} %{used_mem->} %{free_mem->} %{shared_mem->} %{cache_mem->} %{availablemem}'} }
} else if [message] =~ /Swap:/ {
dissect { mapping => {'message' => '%{mem_type->} %{total_mem->} %{used_mem->} %{free_mem->}'} }
}

}

output {
if [service_name] == "cfx" {
elasticsearch
{
#path => "/var/log/sdl_logs/%{vnf_id}/%{vm_type}/%{instance_id}/%{service_name}/%{app_name}_%{+yyyy-MM-dd-HH}.log"
#codec => line { format => "%{message}" }
#gzip => true
hosts => ["http://x.x.x.x:9200"]
index => "freedata"

system · May 9, 2019, 6:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Not able to index timestamp from input filename

output { if [service_name] == "cfx" { elasticsearch { #path => "/var/log/sdl_logs/%{vnf_id}/%{vm_type}/%{instance_id}/%{service_name}/%{app_name}_%{+yyyy-MM-dd-HH}.log" #codec => line { format => "%{message}" } #gzip => true hosts => ["http://x.x.x.x:9200"] index => "freedata"

output {
if [service_name] == "cfx" {
elasticsearch
{
#path => "/var/log/sdl_logs/%{vnf_id}/%{vm_type}/%{instance_id}/%{service_name}/%{app_name}_%{+yyyy-MM-dd-HH}.log"
#codec => line { format => "%{message}" }
#gzip => true
hosts => ["http://x.x.x.x:9200"]
index => "freedata"