this is my working logstash config
output {
if[@metadata][pipeline] {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{ YYYY.MM.dd}"
pipeline => "%{[@metadata][pipeline]}"
user => some_user
password => pass_4_some_user
}
} else {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index =>"%{[@metadata][beat]}-%{[@metadata][version]}-%{ YYYY.MM.dd}"
user => some_user
password => pass_4_some_user
}
}
}
I need if file path is equal /file/path
index must be test_file_index-%{ YYYY.MM.dd}
My new config file
output {
if "/file/path" in [@file][path] {
elasticsearch {
hosts => ["localhost:9200"]
index =>"test_file_index-%{ YYYY.MM.dd}"
user => some_user
password => pass_4_some_user
}
} else {
if[@metadata][pipeline] {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{ YYYY.MM.dd}"
pipeline => "%{[@metadata][pipeline]}"
user => some_user
password => pass_4_some_user
}
} else {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index =>"%{[@metadata][beat]}-%{[@metadata][version]}-%{ YYYY.MM.dd}"
user => some_user
password => pass_4_some_user
}
}
}
}
Not working properly. If someone knows what is the correct way
CodePudding user response:
I believe the condition should just be
if "/file/path" in [path] {
As the file input stores the file path in the path
field, not @file.path
CodePudding user response:
output {
if [log][file][path] == "/full/file/path" {
elasticsearch {
hosts => ["localhost:9200"]
...
This one work for me. If someone care )))