blueren
Reputation: 2860
How to add a field from a file in logstash filter
I have a logstash pipeline with many filters, it ingests netflow data using the netflow module.
I would like to add one field to the output result. The name of the field being: "site"
Site is going to be a numeric value present in a file. How do I create the field from the file?
Eg:
mutate {
id => "site"
add_field => {
"[flow][policy_violation]" => "false"
"[flow][threat]" => "false"
"[flow][site_id]" => //=======> read file /tmp/site.id and assign value
}
}
File:
/tmp/site.id
site.id contains:
12345678
Upvotes: 0
Views: 2164
Answers (1)
Val
Reputation: 217304
You can leverage an environment variable in the Logstash configuration. First, export the variable before running Docker/Logstash:
export SITE_ID=$(</tmp/site.id)
Then run docker with the environment variable:
docker run ... --env SITE_ID
And then in your Logstash configuration, you can reference the variable like this:
mutate {
id => "site"
add_field => {
"[flow][policy_violation]" => "false"
"[flow][threat]" => "false"
"[flow][site_id]" => "${SITE_ID}"
}
}
Upvotes: 1
Related Questions
- Change a specific "Value" inside a "Field" in Logstash Config file
- logstash file input configuration
- Logstash Add field from grok filter
- Elasticsearch + Logstash: How to add a fields based on existing data at importing time
- Add extra value to field before sending to elasticsearch
- Modify the content of a field using logstash
- add custom mapping for elasticsearch in logstash
- How to include the filter in Logstash config file?
- Configuring Logstash to only include certain fields
- How to assign a variable in logstash config?