Parse source field

luggo · November 1, 2018, 10:01am

Hey community,

my source field (provided by filebeat) contains information about the host, the application and the version. Those are information that need to be in my log entries in Elasticsearch.

Example source:

C:\Projects\Elastic\Logs\extern\xmf20\ecext3\eb_xmf20_lvasp-ecext3_2018-06-21##20180618171421_19.3.0.4297.log

C:\Projects\Elastic\Logs\extern\{APP}\{SERVER}\eb_{APP}_{SERVER}_2018-06-21##20180618171421_{VERSION}.log

How can I use/parse the source field (provided by filebeat), to create fields and also determine dynamically the target elasticsearch index as the output?

Best regards

Christian_Dahlqvist · November 1, 2018, 10:26am

For that you will typically use either Logstash or an ingest pipeline.

luggo · November 1, 2018, 10:32am

Hey Christian, yes I want to use Logstash for this problem. That's why I have posted my question in the Logstash category.

But my question is, how to use Logstash to solve my problem.

Christian_Dahlqvist · November 1, 2018, 10:40am

If you have not used Logstash before I would recommend going through this introduction and the getting started guide in the documentation. Otherwise please show us what you have got so far.

system · November 29, 2018, 10:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.