Hi! I use Filebeat on a central Syslog server which collects logs from all network devices. Filebeat is configured to collect the logs (which are arrenged by days in the month) from this server and sends them to Logstash. The log.file.path fileld's value is the following: /var/log/remote/device na…

Split filepath to a new field

Rios (Rios) November 23, 2022, 2:51pm 3

Another option is split and take whatever is on the 4th position.

    mutate { copy => { "[log][file][path]" => "[@metadata][path]"}}
    mutate {  split  => { "[@metadata][path]" => "/" }      }
    mutate { add_field => { "devicename" => "%{[@metadata][path][4]}"}}

1 Like

Topic		Replies	Views
Extract folder name as field in logstash Beats filebeat	8	914	June 16, 2022
Get filter value in add_field Logstash	5	583	June 27, 2019
Extract fields from a log path in logstash Logstash	3	334	July 19, 2018
Can we extract folder and file out of log.file.path field? Kibana	5	2976	March 3, 2020
Split filter Logstash	4	232	July 11, 2018

Split filepath to a new field

Related topics