I want to add two fields using the split filter plugin of Logstash. The following example will give more context to the problem, the directory structure is as follows:
Artist
|
|___Album
|
|__SongsList.xml
When I parse the XML data, I want to add the Album name and the Artist name to my index, which is the current and parent directory respectively.
filter {
mutate {
add_field => {
"artist" => "What will I add here?"
"album" => "What will I add here?"
}
}
}
Is there a way I can achieve this?
After some research found what I was looking for. Turns out this can be done easily using the grok filter:
grok {
match => ["path","%{GREEDYDATA}/%{GREEDYDATA:artist_name}/%{GREEDYDATA:album_name}/%{GREEDYDATA:filename}\.xml"]
}