I want to filter out scm_output portion from /lib/logs/scm_output.log this file path and abc_output from this file path , /lib/logs/abc_output.log, and add new fields as scm_output & abc_output.
I have tried this,
grok {
match => { "[log][file][path]" => "%{PATH}%{GREEDYDATA:name}\.*+%{GREEDYDATA}.log" }
}
But not getting any result.
I am new to ELK and GROK filter, please help me to filter these.
The below grok pattern should work for you
grok
{
match => {"message" => "%{GREEDYDATA:PATH}/%{GREEDYDATA:filename}.log"}
}
Keep Posted!!! Thanks !!!