Hello to everyone!
My question looks like obvious, but I missed something basic and stuck =)
I have a UDP input that I want to output as a file
My desired output file path is:
E:/logstash/log/$host_ip$/$date$.log
It seems that pipeline conf must look ilke this:
output {
file {
path => "E:/logstash/log/$host_ip$/%{+YYYY-MM-dd-HH}.log"
}
}
So, the question is how to reference a host ip?
This is an example of the event:
{"host":{"ip":"172.22.255.5"},"event":{"original":"<166>Nov 22 2024 13:06:46 0.0.0.0 : %ASA-6-305012: Teardown dynamic TCP translation from inside:172.29.90.17/45992 to outside:1.2.3.4/45992 duration 0:00:03\n"},"@timestamp":"2024-11-22T10:06:46.866042800Z","message":"<166>Nov 22 2024 13:06:46 0.0.0.0 : %ASA-6-305012: Teardown dynamic TCP translation from inside:172.29.90.17/45992 to outside:1.2.3.4/45992 duration 0:00:03\n","@version":"1"}
I tried to use different references in the output config but didn't find a solution
Tried this:
E:/logstash/log/%{host}/%{+YYYY-MM-dd-HH}.log
E:/logstash/log/%{host.ip}/%{+YYYY-MM-dd-HH}.log
E:/logstash/log/%[host][ip]/%{+YYYY-MM-dd-HH}.log