Logstash Filter - add field with value current directory name

Question

I want to add two fields using the split filter plugin of Logstash. The following example will give more context to the problem, the directory structure is as follows:

Artist
  |
  |___Album
        |
        |__SongsList.xml

When I parse the XML data, I want to add the Album name and the Artist name to my index, which is the current and parent directory respectively.

filter {
  mutate {
    add_field => {
      "artist" => "What will I add here?"
      "album" => "What will I add here?"
    }
  }
}

Is there a way I can achieve this?

score 1 · Accepted Answer · answered May 13 '18 at 04:36

1

After some research found what I was looking for. Turns out this can be done easily using the grok filter:

grok {
        match => ["path","%{GREEDYDATA}/%{GREEDYDATA:artist_name}/%{GREEDYDATA:album_name}/%{GREEDYDATA:filename}\.xml"]
    }

answered May 13 '18 at 04:36

Harish

1,433
9
21

Logstash Filter - add field with value current directory name

1 Answers1