Logstash: How to Add File Name as a Field?
To add the file name as a field in Logstash, you can use the path metadata provided by the file input plugin. Here’s a basic configuration:
- Use the
fileinput plugin: Capture thepathvalue (the file’s full path). - Extract the file name: Use a filter to isolate the file name and add it as a field.
Example Configuration
input {
file {
path => "/path/to/your/files/*.log" # Adjust path as needed
start_position => "beginning"
sincedb_path => "/dev/null" # For testing purposes; adjust as needed
}
}
filter {
grok {
match => { "path" => "/path/to/your/files/%{GREEDYDATA:filename}.log" }
}
}
output {
stdout {
codec => rubydebug # Displays events on the console for debugging
}
}
Explanation
%{GREEDYDATA:filename}: Extracts the filename from thepath. Adjust the path pattern if necessary.filename: Stores the extracted file name in a new field namedfilenamein each log event.
This setup will include the file name as a separate field in your Logstash output, making it easier to filter and analyze logs by file source.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Make your mark
Join the writer's program
Are you a developer and love writing and sharing your knowledge with the world? Join our guest writing program and get paid for writing amazing technical guides. We'll get them to the right readers that will appreciate them.
Write for us
Build on top of Better Stack
Write a script, app or project on top of Better Stack and share it with the world. Make a public repository and share it with us at our email.
community@betterstack.comor submit a pull request and help us build better products for everyone.
See the full list of amazing projects on github