Extracting fields from paths in logstash

2019-05-27 10:56发布

I am configuring logstash to collect logs from multiple workers on multiple hosts. I'm currently adding fields for host:

input {
    file {
            path => "/data/logs/box-1/worker-*.log"
            add_field => {
                "original_host" => "box-1" 
            }
    }
    file {
            path => "/data/logs/box-2/worker-*.log"
            add_field => {
                "original_host" => "box-2"
            }
    }

However, I'd also like to add a field {'worker': 'A'} and so on. I have lots of workers, so I don't want to write a file { ... } block for every combination of host and worker.

Do I have any alternatives?

标签： logstash

1条回答

Bombasti

2楼-- · 2019-05-27 11:10

You should be able to do a path => "/data/logs/*/worker-*.log" and then add a grok filter to pull out what you need.

filter { grok { match => [ "path", "/(?<original_host>[^/]+)/worker-(?<worker>.*).log" ] } }

or something very close to that.... might want to surround it with if [path] =~ /worker/ depending on what else you have in your config file.

0人赞添加讨论(0) 举报

Extracting fields from paths in logstash

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间