Logstash: How to Add File Name as a Field?

To add the file name as a field in Logstash, you can use the path metadata provided by the file input plugin. Here’s a basic configuration:

Use the file input plugin: Capture the path value (the file’s full path).
Extract the file name: Use a filter to isolate the file name and add it as a field.

Example Configuration

Copied!

input {
  file {
    path => "/path/to/your/files/*.log"  # Adjust path as needed
    start_position => "beginning"
    sincedb_path => "/dev/null"  # For testing purposes; adjust as needed
  }
}

filter {
  grok {
    match => { "path" => "/path/to/your/files/%{GREEDYDATA:filename}.log" }
  }
}

output {
  stdout {
    codec => rubydebug  # Displays events on the console for debugging
  }
}

Explanation

%{GREEDYDATA:filename}: Extracts the filename from the path. Adjust the path pattern if necessary.
filename: Stores the extracted file name in a new field named filename in each log event.

This setup will include the file name as a separate field in your Logstash output, making it easier to filter and analyze logs by file source.

Got an article suggestion? Let us know

Explore more

Logstash

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Logstash: How to Add File Name as a Field?

Example Configuration

Explanation

Please accept cookies