rohansingh
Reputation: 327
How to include the filter in Logstash config file?
I am using LogStash which accepts data from a log file, which has different types of logs.
The first row represents a custom log, whereas the second row represents a log in JSON format.
Now, I want to write a filter which will parse the logs on the basis of content and finally direct all the JSON format logs to a file called jsonformat.log and the other logs into a seperate file.
Upvotes: 0
Views: 481
Answers (1)
Val
Reputation: 217274
You can leverage the json filter and check if it failed or not to decide where to send the event.
input {
file {
path => "/Users/mysystem/Desktop/abc.log"
start_position => beginning
ignore_older => 0
}
}
filter {
json {
source => "message"
}
}
output {
# this condition will be true if the log line is not valid JSON
if "_jsonparsefailure" in [tags] {
file {
path => "/Users/mysystem/Desktop/nonjson.log"
}
}
# this condition will be true if the log line is valid JSON
else {
file {
path => "/Users/mysystem/Desktop/jsonformat.log"
}
}
}
Upvotes: 2
Related Questions
- Logstash parsing json
- How to add a field from a file in logstash filter
- How to cumul filters with logstash?
- How to apply sub-filter in logstash
- Logstash Add field from grok filter
- elasticsearch filter not working in logstash
- How to use the JSON Filter Plugin for Logstash
- Logstash json filter not adding fields to the root of the event [EDITED]
- filter json in logstash
- Logstash - grok configuration filter