Logstash文件名作为ElasticSearch索引 [英] Logstash filename as ElasticSearch index

问题描述

我正在使用文件夹作为输入:

I am using a folder as input:

input {
  file {
    path => "C:/ProjectName/Uploads/*"
    start_position => "beginning"
    sincedb_path => "dev/null"
  }
}

并作为输出:

output {
  elasticsearch {
    hosts => "localhost"
    index => "manual_index_name" # want filename here
    document_type => "_doc"
  }     
}

我希望elasticsearch中的索引为被索引文件的名称.我尝试过此答案的各种方法均未成功，因为我不清楚它在做什么: https://stackoverflow.com/a/40156466/6483906

I want the index in elasticsearch to be the name of the file being indexed. I've tried variations of this answer with no success as I am not clear on what it is doing: https://stackoverflow.com/a/40156466/6483906

推荐答案

您需要使用 grok 过滤器查找文件名的最后一部分:

You'll need to use a grok filter to find the last portion of the filename:

filter {
  grok {
     match => ["path", "Uploads/%{GREEDYDATA:index_name}" ]
  }
}

，然后只使用索引名称中的部分 index =>％{index_name}"

and then just use the portion in your index name index => "%{index_name}"

这篇关于Logstash文件名作为ElasticSearch索引的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！