Logstash: how to use filter to match filename when using s3

Question

I am new to logstash. I have some logs stored in AWS S3 and I am able to import them to logstash. My question is: is it possible to use the grok filter to add tags based on

Answer 1

If you want to use tags based on filename, I think that this will work (I have not test it):

filter {
  grok {
    match => [ "path", "%{GREEDYDATA:content}"]   
  }     
  mutate {
    add_tag => ["content"]
  }
}

"content" tag will be the filename, now it's up to you to modify the pattern to create differents tags with the specific part of the filename.