在Logstash conf中建立索引时如何添加文件名
[英]How to add the file name when indexing in logstash conf
问题描述
I have two files named access_log and http_access_2015-03-06_log and I want to set access and http_access_2015-03-06 parts of the file as the indices. 
我有两个名为access_log和http_access_2015-03-06_log文件,我想将文件的access和http_access_2015-03-06部分设置为索引。
I read some answers for similar questions but I couldn't get how I can filter the file path using grok filter and use it as a reference for indexing. 我读了一些类似问题的答案,但我不知道如何使用grok过滤器过滤文件路径并将其用作索引参考。
Below is my configuration file: 下面是我的配置文件:
input {
file {
path => ["G:/logstash-1.5.0/bin/tmp/*_log"]
start_position => "beginning"
}
}
filter {
if [path] =~ "access" {
mutate { replace => { type => "apache_access" } }
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
} else if [path] =~ "error" {
mutate { replace => { type => "apache_error" } }
} else {
mutate { replace => { type => "random_logs" } }
}
}
output {
elasticsearch {
action => "index"
host => localhost
index => "test"
}
stdout { codec => rubydebug }
}
How it can be done? 怎么做?
1 个解决方案
解决方案1
0 2015-11-08 16:41:02
You're setting a 'type' field. 您正在设置“类型”字段。 If that's good enough, you can refer to it in your output{} stanza: 如果这足够好,您可以在输出{}节中引用它:
index => "%{type}-%{+YYYY.MM.dd}"
If you wanted to use some information from your filters that you didn't also want stored in elasticsearch, you can put it in a metadata field, eg: 如果您想使用过滤器中一些您不想也存储在elasticsearch中的信息,可以将其放在元数据字段中,例如:
[@metadata][myField]
and then refer to that in the same way. 然后以相同的方式引用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.