I'm using Grok & Logstash to send access logs from Nginx to Elasticsearch. I'm giving Logstash all my access logs (with a wildcard, works well) and I would like to get th
I found it more desirable to use 2 grok blocks if there will be non-matching lines in the log files.
```
filter {
  if [type] == "nginx_access" {
    # First block: derive the application name from the log file name.
    # The dots are escaped so they match a literal "." and not any character.
    grok {
      match => { "path" => "%{GREEDYDATA}/%{GREEDYDATA:app}\.access\.log" }
    }
    # Second block: parse the access line itself. Because this is a separate
    # grok filter, a line that does not match here only gets tagged
    # _grokparsefailure; the "app" field from the first block is kept.
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
  }
}
```
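To show why the two separate grok blocks matter, here is an added Python example (not part of the original answer, and not Logstash code) that re-implements the two filters above with a deliberately simplified grok pattern library. The pattern definitions, the `compile_grok`/`apply_filters` helpers and the three sample events are all constructed for this illustration; the real Logstash `COMBINEDAPACHELOG` pattern is more elaborate. It mimics the Logstash semantics the answer relies on: each grok filter is independent, a failed match adds `_grokparsefailure` to the event's tags, and fields extracted by the other filter survive. The third event also shows the reverse case, where the path pattern fails but the access line still parses.

```python
import re

# Simplified stand-ins for Logstash's built-in grok patterns (assumption:
# these are reduced versions, not the real pattern library).
GROK_PATTERNS = {
    "GREEDYDATA": r".*",
    "DATA": r".*?",
    "IPORHOST": r"\S+",
    "USER": r"[a-zA-Z0-9._-]+",
    "HTTPDATE": r"[^\]]+",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "NUMBER": r"\d+(?:\.\d+)?",
    "QS": r'"(?:[^"\\]|\\.)*"',
    "COMMONAPACHELOG": (
        r'%{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] '
        r'"(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?'
        r'|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-)'
    ),
    "COMBINEDAPACHELOG": r"%{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}",
}

# The two grok blocks from the answer, as (event field, grok pattern) pairs.
FILTERS = [
    ("path", r"%{GREEDYDATA}/%{GREEDYDATA:app}\.access\.log"),
    ("message", r"%{COMBINEDAPACHELOG}"),
]

_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def compile_grok(pattern):
    """Expand %{NAME:field} references into Python named groups, recursively."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = GROK_PATTERNS[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"

    for _ in range(10):  # bounded expansion of nested references
        expanded = _REF.sub(expand, pattern)
        if expanded == pattern:
            return re.compile(pattern)
        pattern = expanded
    raise ValueError("grok pattern nested too deeply")


def grok_match(pattern, text):
    """Return extracted fields, or None when the pattern does not match.
    Like Logstash grok, the match is a search, not anchored to the line start."""
    m = compile_grok(pattern).search(text)
    if m is None:
        return None
    return {k: v for k, v in m.groupdict().items() if v is not None}


def apply_filters(event):
    """Run both grok blocks independently, as Logstash does with two filters:
    a failure in one block tags the event but does not stop the other block."""
    out = dict(event)
    out["tags"] = list(out.get("tags", []))
    for field, pattern in FILTERS:
        fields = grok_match(pattern, out.get(field, ""))
        if fields is None:
            if "_grokparsefailure" not in out["tags"]:
                out["tags"].append("_grokparsefailure")
        else:
            out.update(fields)
    return out


def count_parse_failures(events):
    """Count events tagged _grokparsefailure; a rising count signals log-format
    drift or unexpected lines that would otherwise go unnoticed."""
    return sum("_grokparsefailure" in apply_filters(e)["tags"] for e in events)


# Constructed sample events (203.0.113.0/24 is a documentation range).
ACCESS_LINE = ('203.0.113.7 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.1" '
               '200 2326 "http://example.com/" "Mozilla/5.0"')
SAMPLE_EVENTS = [
    # Normal access line in shop.access.log: both blocks match.
    {"type": "nginx_access", "path": "/var/log/nginx/shop.access.log", "message": ACCESS_LINE},
    # An error-format line that slipped into the access log: only "app" is extracted.
    {"type": "nginx_access", "path": "/var/log/nginx/shop.access.log",
     "message": "2024/03/01 12:00:00 [error] 1234#0: *5 open() failed (2: No such file or directory)"},
    # Access line from a file whose name does not fit the path pattern: no "app".
    {"type": "nginx_access", "path": "/var/log/nginx/error.log", "message": ACCESS_LINE},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(apply_filters(ev))
    print("parse failures:", count_parse_failures(SAMPLE_EVENTS))
```

Running it prints the three enriched events; the second keeps `app: shop` despite its `_grokparsefailure` tag, which is exactly what a single combined pattern would lose. In a real pipeline, alerting on the `_grokparsefailure` count is a cheap way to notice when the log format changes or unexpected content lands in the access log.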