Hi,
I have a (maybe stupid) question concerning parsing of custom logfile where the Date is the first record followed by the detailed lines (time,....)
I don't use logstash, but filebeat and pipelines
Simple example:
Input Records:
12/02/2023
10:15 10:15 host1 40 800
10:20 10:20 host2 20 300
13/02/2023
05:30 05:30 host2 65 1200
07:20 07:20 host3 05 3000
...
Output:
documents should be like:
"doc": {
"_index": "_index",
"_id": "_id",
"_version": "-3",
"_source": {
"date": "12/02/2023",
"time": "10:15",
"hostname": "host1",
"cpu": "40",
"memory": "800"
}
}
"doc": {
"_index": "_index",
"_id": "_id",
"_version": "-3",
"_source": {
"date": "12/02/2023",
"time": "10:20",
"hostname": "host2",
"cpu": "20",
"memory": "300"
}
}
"doc": {
"_index": "_index",
"_id": "_id",
"_version": "-3",
"_source": {
"date": "13/02/2023"
"time": "05:30",
"hostname": "host2",
"cpu": "65",
"memory": "1200"
}
}
etc...So the date must be in every record
Anyone has any idea how to do this ?
Tnx !