It 's possible to tag multiple input file name ?
I have many txt file and I want to tag all file maybe with name file if it's possible.
input {
file {
path => "/var/log/testing/*.txt"
start_position => "beginning"
sincedb_path => "/dev/null"
ignore_older => "0"
tags => ["events"]
}
}Logstash already adds a field with the path to the input file from which the event was read.
Thanks Magnusbaeck. I solved with this logstash conf.
input {
file {
path => "/var/log/testing/*.txt"
start_position => "beginning"
sincedb_path => "/dev/null"
ignore_older => "0"
tags => ["events"]
}
}
filter {
if "events" in [tags]{
grok {
match => { "path" => "%{UNIXPATH:path_tag}/%{GREEDYDATA:namefile_tag}\.txt\.*" }
}
mutate {
add_tag => [ "%{namefile_tag}" ]
}
}
output {
stdout {}
file {
path => "/var/log/logstash/tagged_stdout.log"
}
}
Now ,I have some _groktimeout tag on tags. Maybe is wrong the grok parser.
Don't use UNIXPATH. There was a recent thread about this not 24 hours ago.
Thanks! I solved.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.