How to include regular expression in logstash file input path

Question

I am using logstash to convert tomcat access logs into json format. The access log names are in below format

abcd_access_log.2016-03-15.log
efgh_access_log.2016-02-16.log

The input filter is:

input { 
    file {
        path => "C:\tools\apache-tomcat-8.0.32\logs\*_access_log.*.log"
        start_position => beginning
    } 
}

It is not showing logs with the regex used. What regex should I use here to select only these files?

In logstash 2.3 I found that Windows paths must use a forward slash like in Linux. Maybe this will help someone. — N. Kudryavtsev, Jun 24 '16 at 14:43

Nikolas Charalambidis · Accepted Answer · 2016-03-24T10:27:36.223

Simple and fast way

If your log file is always after logs\, you can use the following regex:

logs\\(.*?\.log)

Capture everything .*? followed by logs\ (please note double \\ in the regex). Also your file ends with .log, so dont forget to escape the dot with \.log.

Detailed description is at Regex101.

Bullet-proof and slower way

In case there is missing the key characters logs\, you can use the following regex, that captures the last part of the path, using the negative lookahead:

\\((?:.(?!\\))+\.log)

Here is the detailed description again: Regex101

How to include regular expression in logstash file input path

1 Answers1