Use grok to add the log filename as a field in logstash

挽巷 2021-02-20 14:23

I'm using Grok & Logstash to send access logs from Nginx to Elasticsearch. I'm giving Logstash all my access logs (with a wildcard, works well) and I would like to get th

2 Answers
  •  不思量自难忘°
    2021-02-20 14:48

    Ok, found it. grok breaks on match by default. So the first match being good, it skips the second one.

    I solved it like this:

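    filter {
      if [type] == "nginx_access" {
        grok {
          # Parse the access log line itself
          match => { "message" => "%{COMBINEDAPACHELOG}" }
          # Take the app name from the file name in "path" (dots escaped to match literally)
          match => { "path" => "%{GREEDYDATA}/%{GREEDYDATA:app}\.access\.log" }
          # Keep going after the first successful match so both fields are tried
          break_on_match => false
        }
      }
    }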
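
The behaviour described in the answer above, modelled in Python as an added example (not code from the original post or from Logstash): the regexes are simplified stand-ins for `COMBINEDAPACHELOG` and the path pattern, and the sample event is constructed. It also shows that an event whose `path` does not match gets no `_grokparsefailure` tag as long as `message` matched, so a missing `app` field has to be checked for separately.

```python
import re

# Simplified regex stand-ins for the grok patterns in the answer (assumptions,
# not Logstash's own pattern definitions). GREEDYDATA is ".*" in grok.
ACCESS = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+)[^"]*" (?P<response>\d{3}) '
)
# Dots escaped so they only match a literal "." in the file name.
PATH = re.compile(r'.*/(?P<app>.*)\.access\.log')
MATCHES = [("message", ACCESS), ("path", PATH)]  # same order as the filter

def grok(event, matches=MATCHES, break_on_match=True):
    """Model of how grok walks the fields listed in its match setting."""
    out = dict(event)
    matched = False
    for field, rx in matches:
        value = event.get(field)
        m = rx.search(value) if value is not None else None
        if m:
            matched = True
            out.update(m.groupdict())
            if break_on_match:
                break  # default: stop after the first field that matches
    if not matched:
        # The failure tag is added only when no field matched at all.
        out["tags"] = out.get("tags", []) + ["_grokparsefailure"]
    return out

# Constructed sample event (not taken from the page).
EVENT = {
    "type": "nginx_access",
    "path": "/var/log/nginx/shop.access.log",
    "message": '203.0.113.7 - - [20/Feb/2021:14:23:01 +0000] '
               '"GET /index.html HTTP/1.1" 200 612 "-" "curl/7.68.0"',
}

if __name__ == "__main__":
    print(grok(EVENT).get("app"))                        # path never tried
    print(grok(EVENT, break_on_match=False).get("app"))  # both fields tried
    other = dict(EVENT, path="/var/log/nginx/error.log")
    print(grok(other, break_on_match=False).get("tags")) # message matched: no tag
```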
    
