
How to add a field from a file in logstash filter


I have a Logstash pipeline with many filters; it ingests NetFlow data using the netflow module.

I would like to add one field to the output result. The name of the field being: "site"

Site is going to be a numeric value present in a file. How do I create the field from the file?

Eg:

    mutate {
        id => "site"
        add_field => {
            "[flow][policy_violation]" => "false"
            "[flow][threat]" => "false"
            "[flow][site_id]" => //=======> read file /tmp/site.id and assign value
        }
    }

File:

/tmp/site.id

site.id contains:

12345678


Solution

  • You can leverage an environment variable in the Logstash configuration. First, export the variable before running Docker/Logstash:

    export SITE_ID=$(</tmp/site.id)
    

    Then run docker with the environment variable:

    docker run ... --env SITE_ID
    

    And then in your Logstash configuration, you can reference the variable like this:

    mutate {
        id => "site"
        add_field => {
            "[flow][policy_violation]" => "false"
            "[flow][threat]" => "false"
            "[flow][site_id]" => "${SITE_ID}"
        }
    }
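The export step above, as an added example that is not part of the original answer: it checks that the file holds only digits before the value is exported for `${SITE_ID}`. The function name `load_site_id` is hypothetical, the sample file is constructed, and `cat` is used because `$(<file)` works only in bash, not in POSIX `sh`.

```shell
#!/bin/sh
# Added example: validate the site id read from a file before exporting it
# as SITE_ID for Logstash's ${SITE_ID} substitution.

# load_site_id FILE  (hypothetical helper name)
# Prints the id on stdout. Returns non-zero and prints nothing on stdout
# when the file is unreadable, empty, or holds anything but decimal digits.
load_site_id() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "site id file not readable: $file" >&2
        return 1
    fi
    # Command substitution strips the trailing newline; any other
    # non-digit (spaces, CR, quotes, extra lines) is rejected below.
    id=$(cat "$file")
    case $id in
        '' | *[!0-9]*)
            echo "site id in $file is not a plain number" >&2
            return 1
            ;;
    esac
    printf '%s\n' "$id"
}

# Constructed sample input standing in for /tmp/site.id.
sample=$(mktemp)
printf '12345678\n' > "$sample"

if SITE_ID=$(load_site_id "$sample"); then
    export SITE_ID
    echo "SITE_ID=$SITE_ID"
    # Next step from the answer: docker run ... --env SITE_ID
else
    echo "refusing to start Logstash without a valid site id" >&2
fi
rm -f "$sample"
```

Logstash resolves `${SITE_ID}` when it loads the configuration, so a change to `/tmp/site.id` takes effect only after the variable is exported again and Logstash is restarted.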