从Logstash中的路径提取字段 [英] Extracting fields from paths in logstash

问题描述

我正在配置logstash以从多个主机上的多个工作器收集日志.我目前正在为主机添加字段:

I am configuring logstash to collect logs from multiple workers on multiple hosts. I'm currently adding fields for host:

input {
    file {
            path => "/data/logs/box-1/worker-*.log"
            add_field => {
                "original_host" => "box-1" 
            }
    }
    file {
            path => "/data/logs/box-2/worker-*.log"
            add_field => {
                "original_host" => "box-2"
            }
    }

但是，我还想添加一个字段{'worker': 'A'}，依此类推.我有很多工作人员，所以我不想为主机和工作人员的每种组合编写一个file { ... }块.

However, I'd also like to add a field {'worker': 'A'} and so on. I have lots of workers, so I don't want to write a file { ... } block for every combination of host and worker.

我还有其他选择吗?

推荐答案

您应该可以执行path => "/data/logs/*/worker-*.log"，然后添加一个grok过滤器以提取所需的内容.

You should be able to do a path => "/data/logs/*/worker-*.log" and then add a grok filter to pull out what you need.

filter { grok { match => [ "path", "/(?<original_host>[^/]+)/worker-(?<worker>.*).log" ] } }

或与之接近的东西....可能要用if [path] =~ /worker/包围它，具体取决于配置文件中的其他内容.

or something very close to that.... might want to surround it with if [path] =~ /worker/ depending on what else you have in your config file.

这篇关于从Logstash中的路径提取字段的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！