Logstash:如何将文件名添加为字段? [英] Logstash: how to add file name as a field?

问题描述

我正在使用Logstash + Elasticsearch + Kibana来概述我的Tomcat日志文件.

I'm using Logstash + Elasticsearch + Kibana to have an overview of my Tomcat log files.

对于每个日志条目，我需要知道其来源文件的名称.我想将其添加为字段.有办法吗? 我在Google上做了一些搜索，但只找到此SO问题，但答案不再是最新的.

For each log entry I need to know the name of the file from which it came. I'd like to add it as a field. Is there a way to do it? I've googled a little and I've only found this SO question, but the answer is no longer up-to-date.

到目前为止，我看到的唯一解决方案是使用不同的"add_field"为每个可能的文件名指定单独的配置，如下所示:

So far the only solution I see is to specify separate configuration for each possible file name with different "add_field" like so:

input {
  file {
     type => "catalinalog"
     path => [ "/path/to/my/files/catalina**" ]
     add_field => { "server" => "prod1" }
  }
}

但是，每当有一个新的可能的文件名时，我都需要重新配置logstash. 还有更好的主意吗?

But then I need to reconfigure logstash each time there is a new possible file name. Any better ideas?

推荐答案

您好，我为此添加了grok过滤器.我只想使用文件名而不是路径，但是您可以根据需要进行更改.

Hi I added a grok filter to do just this. I only wanted to have the filename not the path, but you can change this to your needs.

filter {
  grok {
    match => ["path","%{GREEDYDATA}/%{GREEDYDATA:filename}\.log"]
  }
}

这篇关于Logstash:如何将文件名添加为字段?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！