Logstash input filename as output elasticsearch index

问题

Is there a way of having the filename of the file being read by logstash as the index name for the output into ElasticSearch?

I am using the following config for logstash.

input{
    file{
        path => "/logstashInput/*"
    }
}
output{
    elasticsearch{
        index => "FromfileX"
    }
}

I would like to be able to put a file e.g. log-from-20.10.2016.log and have it indexed into the index log-from-20.10.2016. Does the logstash input plugin "file" produce any variables for use in the filter or output?

回答1:

Yes, you can use the path field for that and grok it to extract the filename into the index field

  input {
     file {
         path => "/logstashInput/*"
     }
  }
  filter {
     grok {
        match => ["path", "(?<index>log-from-\d{2}\.\d{2}\.\d{4})\.log$" ]
     }
  }
  output{
     elasticsearch {
        index => "%{index}"
     }
  }

来源：https://stackoverflow.com/questions/40155371/logstash-input-filename-as-output-elasticsearch-index

标签

logstash

logstash-file

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!