Parse source field

luggo · November 1, 2018, 10:01am

Hey community,

my source field (provided by filebeat) contains information about the host, the application and the version. Those are information that need to be in my log entries in Elasticsearch.

Example source:

C:\Projects\Elastic\Logs\extern\xmf20\ecext3\eb_xmf20_lvasp-ecext3_2018-06-21##20180618171421_19.3.0.4297.log

C:\Projects\Elastic\Logs\extern\{APP}\{SERVER}\eb_{APP}_{SERVER}_2018-06-21##20180618171421_{VERSION}.log

How can I use/parse the source field (provided by filebeat), to create fields and also determine dynamically the target elasticsearch index as the output?

Best regards

Christian_Dahlqvist · November 1, 2018, 10:26am

For that you will typically use either Logstash or an ingest pipeline.

luggo · November 1, 2018, 10:32am

Hey Christian, yes I want to use Logstash for this problem. That's why I have posted my question in the Logstash category.

But my question is, how to use Logstash to solve my problem.

Christian_Dahlqvist · November 1, 2018, 10:40am

If you have not used Logstash before I would recommend going through this introduction and the getting started guide in the documentation. Otherwise please show us what you have got so far.

Topic		Replies	Views
How to parse JSON with nested field name "source" Beats filebeat	3	1566	July 5, 2017
Question on Fields created in Filebeat and matched in Logstash Input Logstash	3	509	August 31, 2017
Source file path transfer to Logstash Beats filebeat	8	2117	April 10, 2017
How to know the log comme from which file Logstash	9	998	November 27, 2017
Logstash get field from elasticsearch message Logstash	5	719	February 5, 2018

Parse source field

Related topics