Convert logstash filter to fluentd

Asked Oct 12 '20 at 21:05

Active Oct 12 '20 at 21:05

Viewed 498 times

I'm really new to fluentd configurations and need help to convert this logstash config to fluentd to get started

filter {
  if [syslog5424_host] =~ /apilog/ {
    if [syslog5424_msg] =~ /\"ApplicationType\"\:\"API\"/ {
      json {
        source => "syslog5424_msg"
        # Remove syslog5424_msg field only if json filter is successful
        remove_field => ["syslog5424_msg", "syslog5424_sd", "syslog5424_proc", "syslog5424_pri", "syslog5424_ver", "syslog_facility", "syslog_facility_code"]
      }

      mutate {
        add_tag => ["API"]
        replace => { "type" => "api-dev" }
      }
    }
    else {
      mutate {
        add_tag => ["API"]
      }
    }
  }
}

asked Oct 12 '20 at 21:05

Sam

1

Please take a look at [syslog](https://docs.fluentd.org/input/syslog) input plugin and its [message_format](https://docs.fluentd.org/input/syslog#message_format). Also, [parser](https://docs.fluentd.org/filter/parser). – Azeem Oct 13 '20 at 03:50
@Azeem that's an awesome tip thank you – Sam Oct 13 '20 at 14:14
1

You're welcome! That `mutate` means that you might need [record_transformer](https://docs.fluentd.org/filter/record_transformer) as well. Good luck! – Azeem Oct 13 '20 at 14:19

Convert logstash filter to fluentd

0 Answers0