Logstash: how to add file name as a field?

前端未结

关注

 2  742

走了就别回头了

I\'m using Logstash + Elasticsearch + Kibana to have an overview of my Tomcat log files.

For each log entry I need to know the name of the file from which it came. I

相关标签:

2条回答

有刺的猬

2020-11-30 10:15
Hi I added a grok filter to do just this. I only wanted to have the filename not the path, but you can change this to your needs.
```
filter {
  grok {
    match => ["path","%{GREEDYDATA}/%{GREEDYDATA:filename}\.log"]
  }
}
```
0 讨论(0)
发布评论:

提交评论
- 加载中...

-上瘾入骨i

2020-11-30 10:30

In case you would like to combine the message and file name in one event:

filter {
grok {
    match => { 
        message => "ERROR (?<function>[\S]*)"
        }
}
grok {
    match => { 
        path => "%{GREEDYDATA}/%{GREEDYDATA:filename}\.log"
        }
}}

The result in ElasticSearch (focus on 'filename' and 'function' fields):

"_index": "logstash-2016.08.03",
    "_type": "logs",
    "_id": "AVZRyEI49-A6kyBCq6Yt",
    "_score": 1,
    "_source": {
      "message": "27/07/16 12:16:18,321 ERROR blaaaaaaaaa.internal.com",
      "@version": "1",
      "@timestamp": "2016-08-03T19:01:33.083Z",
      "path": "/home/admin/mylog.log",
      "host": "my-virtual-machine",
      "function": "blaaaaaaaaa.internal.com",
      "filename": "mylog"
    }

0 讨论(0)