[英]How to split file name in logstash?
我正在將 s3 存儲桶中的文件注入到 logstash,我的文件名包含一些信息,我想將文件名拆分為多個字段,以便將它們用作單獨的字段。 請幫助我,我是麋鹿的新手。
input {
s3 {
bucket => "***********"
access_key_id => "***********"
secret_access_key => "*******"
"region" => "*********"
"prefix" => "Logs"
"interval" => "1"
"additional_settings" => {
"force_path_style" => true
"follow_redirects" => false
}
}
}
filter {
mutate {
add_field => {
"file" => "%{[@metadata][s3][key]}" //This file name have to split
}
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "indexforlogstash"
}
}
在filter部分,您可以利用dissect過濾器來實現您想要的:
filter {
...
dissect {
mapping => {
"file" => "Logs/%{deviceId}-%{buildId}-log.txt"
}
}
}
通過此過濾器后,您的文檔將獲得兩個新字段,即:
deviceId )buildId (custombuildv12)
Logstash如何根據文件名為ElasticSearch賦予不同的索引名稱
[英]Logstash how to give different index name to ElasticSearch based on file name
如何通過使用logstash將自定義格式的日志文件拆分為json?
[英]how can I split custom formated log file into json by using logstash?
如何從日志文件路徑中提取變量,在Logstash中測試模式的日志文件名?
[英]How to extract variables from log file path, test log file name for pattern in Logstash?
如何使用Logstash配置文件將Logstash中的字段設置為“not_analyzed”
[英]How to set field in Logstash as “not_analyzed” using Logstash config file
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.