Parse two log files into Single index in ES via Logstash

sjabiulla · April 30, 2019, 11:37am

Hi,

I have two log files and I want to merge the data from two log files and index the data into the same document.

Log file 1 format:
<JOB_NAME> <APPLICATION_NAME> <STARTED_TIME> <CURRENT_STATUS>

Log file 2 format:
<JOB_NAME> <AVERAGE_TIME_TAKEN>

Currently I'm able to parse the above two log files using two seperate GROK match patterns. But I want to index these two log files in to single index as below.

      {
        "_index" : "my-index",
        "_type" : "doc",
        "_id" : "va_TbWoBfjxVI6P8WKhc",
        "_score" : 1.0,
        "_source" : {
          "@timestamp" : "2019-04-30T10:38:46.065Z",
          "status" : "Completed",
          "@version" : "1",
          "job_name" : "my-job-2",
          "application_name" : "my-app-name",
          "avg_time_taken" : 500
        }

Is this possible via Logstash ?

Badger · April 30, 2019, 2:24pm

Take a look at this.

system · May 28, 2019, 2:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.