Tag input name file

elk2 · May 2, 2018, 5:56pm

It 's possible to tag multiple input file name ?
I have many txt file and I want to tag all file maybe with name file if it's possible.

input {
   file {
    path => "/var/log/testing/*.txt"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    ignore_older => "0"
    tags => ["events"]
  }
}

magnusbaeck · May 2, 2018, 6:42pm

Logstash already adds a field with the path to the input file from which the event was read.

elk2 · May 3, 2018, 10:51am

Thanks Magnusbaeck. I solved with this logstash conf.

input {
   file {
    path => "/var/log/testing/*.txt"
    start_position => "beginning"
    sincedb_path => "/dev/null"
    ignore_older => "0"
    tags => ["events"]
  }
}
    filter {
     
      if "events" in [tags]{
       grok {
          match => { "path" => "%{UNIXPATH:path_tag}/%{GREEDYDATA:namefile_tag}\.txt\.*" }
        }
       mutate {
        add_tag => [ "%{namefile_tag}" ]
       }  
     }

 output {
      stdout {}
      
      file {
            path => "/var/log/logstash/tagged_stdout.log"
      }
 }

Now ,I have some _groktimeout tag on tags. Maybe is wrong the grok parser.

magnusbaeck · May 3, 2018, 11:04am

Don't use UNIXPATH. There was a recent thread about this not 24 hours ago.

elk2 · May 4, 2018, 7:39am

Thanks! I solved.

system · June 1, 2018, 7:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Multiple File Inputs Logstash	3	20781	July 6, 2017
Logstash add tag Logstash	1	793	February 25, 2020
We had given a task, for adding Tag but facing issue in it Logstash	4	299	July 2, 2020
Why _grokparsefailure? Logstash	5	1335	January 10, 2019
Read multiple log Logstash	3	411	July 27, 2017

Tag input name file

Related topics