Splitting csv files send to elasticsearch via logstash http input

reynavan · July 8, 2021, 7:19am

Hello!
I am new to ELK stack and I'm looking for some advice. I have 3 different types of csv's files which are generated every day, I'm sending them to IP address where logstash is configured, than i want to visualize data from those files in kibana. When i was trying things locally i was using file input, where every line from files was treated as new event and than i was using "if else" to apply proper csv filter to file based on number of columns and everything worked as i wanted. Now when i send those files to IP address, http input process files as one event and nothing works. I tried to use split filter but couldn't get it to work Should i tried different approach, or I am forgetting about something obvious? here is my config file( i left split filter empty now as I could not get it to work but i suspect i need to use it):

input {
		http{
		}
}
filter{
 split{}
 ruby { code => 'event.set("[@metadata][columns]", 1 + event.get("message").count(","))' }
	if [@metadata][columns] == 7{
	csv{
		separator => ","
		columns => ["Class","Asset Name","Issue","Value","Severity","Path", "Date"]
		}
	mutate{
	add_tag => "assets"
	}	
 }else if [@metadata][columns] == 8{
	csv { 
		separator => ","
		columns => ["Time (ms)","Frame (ms)","GT (ms)","RT (ms)","GPU (ms)","DynRes","Context","Date"] 
		}
		mutate{
		add_tag => "fps_profiling"
		convert => {
		"Time (ms)" => "float"
		"Frame (ms)" => "float"
		"GT (ms)" => "float"
		"RT (ms)" => "float"
		"GPU (ms)" => "float"
		"DynRes" => "float"
		"Context" => "integer"
		}
		}
 } else if [@metadata][columns] == 9{
        csv { 
		separator => ","
		columns => ["Percentile","Frame (ms)","GT (ms)","RT (ms)","GPU (ms)","DynRes","Context","Date"]
		}
		mutate{
		add_tag => "fps_profiling" 
		convert => {
		"Percentile" => "float"
		"Frame (ms)" => "float"
		"GT (ms)" => "float"
		"GPU (ms)" => "float"
		"DynRes" => "float"
		"Context" => "integer"
		}
		}
}

date {
    match => [ "Date", "ISO8601", "YYYY-MM-dd HH:mm:ss", "YYYY-MM-dd HH:mm:ss.ZZZ"]
	target => "Date"    
    }
	}

output {
	stdout {codec => rubydebug}
	if "fps_profiling" in [tags]{
	elasticsearch{
		hosts => ["localhost:9200"]
		index => "performance_tests"
	}
	}else {
	elasticsearch{
	hosts => ["localhost:9200"]
	index => "assets_validation"
	}
	}

}

system · August 5, 2021, 7:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to split CSV file and filter CSV Files Logstash	2	3722	July 6, 2017
Determine when to stop capturing event and start another one Logstash	5	807	June 26, 2017
Parsing csv file through Logstash Logstash	18	2127	July 9, 2021
Unable to parse CSV input from Filebeat -> Logstash Logstash	3	1755	April 30, 2019
Logstash Configuration File Logstash	8	458	February 11, 2022

Splitting csv files send to elasticsearch via logstash http input

Related topics