Hi all,
I am using Filebeat to pass logs to Logstash for parsing and ingestion into Elasticsearch. Take this config extract for example:
filebeat.inputs:
- type: filestream
paths:
- /opt/containers/sites/*/html/var/log/system.log
- /opt/containers/sites/*/html/var/log/debug.log
- /opt/containers/sites/*/html/var/log/exception.log
tags: ["magento"]
As you can see, I am grabbing all of my Magento logs. The problem arises when I want to filter logs by site in Kibana. At this point I can't see a very obvious or easy way to do this. I thought it would be great if I could add tags depending on what grok finds, e.g. grok finds a file at
/opt/containers/sites/examplemagentostore.com/html/var/log/system.log
and tags events with magento-examplemagentostore. I am trying to avoid hard coding the sites into Filebeat's config as that wouldn't be very dynamic with adding more sites.
Any thoughts or resources are appreciated.