Pattern matching in Logstash

Deepthi_V · August 3, 2017, 12:05am

Hi All,

I am calling Logstash using stdin like shown below:

/opt/logstash/bin/logstash agent -e 'input { file { path => "/home/dv/Desktop/log_output/input/**/*.log" codec => multiline { pattern => "^\s" what => "previous" } start_position => beginning ignore_older => 0 sincedb_path => "/dev/null" } }' -f /etc/logstash/conf.d/pipeline.conf

I am accessing the "path" in my configuration file and I want to check if the "path" contains words like "alerts","var" etc, so that different grok patterns get applied on it.

So far I have tried:

if [path] =~ "alerts"
if "alerts" in [path]

But it does not seem to work. Can anybody please help with this ASAP!

Thanks in advance.

Deepthi

magnusbaeck · August 3, 2017, 8:11am

Please use a stdout { codec => rubydebug } output to show us what your log entries look like. Preferably show us an example that contains "alerts".

Deepthi_V · August 3, 2017, 8:23am

Hello Magnus,

I was able to resolve this.

Thank you for your reply.

Regards,
Deepthi

prydeep · August 7, 2017, 2:28pm

Hey, Can you tell me how you fixed this issue? thanks

Deepthi_V · August 7, 2017, 7:03pm

It was a silly mistake from my side. I had removed the path field in the filter section but I was trying to access it in the output section. I just corrected that.

system · September 4, 2017, 7:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.