Logstash: How to Add File Name as a Field?

Better Stack Team
Updated on November 18, 2024

To add the file name as a field in Logstash, you can use the path metadata provided by the file input plugin. Here’s a basic configuration:

  1. Use the file input plugin: Capture the path value (the file’s full path).
  2. Extract the file name: Use a filter to isolate the file name and add it as a field.

Example Configuration

 
input {
  file {
    path => "/path/to/your/files/*.log"  # Adjust path as needed
    start_position => "beginning"
    sincedb_path => "/dev/null"  # For testing purposes; adjust as needed
  }
}

filter {
  grok {
    match => { "path" => "/path/to/your/files/%{GREEDYDATA:filename}.log" }
  }
}

output {
  stdout {
    codec => rubydebug  # Displays events on the console for debugging
  }
}

Explanation

  • %{GREEDYDATA:filename}: Extracts the filename from the path. Adjust the path pattern if necessary.
  • filename: Stores the extracted file name in a new field named filename in each log event.

This setup will include the file name as a separate field in your Logstash output, making it easier to filter and analyze logs by file source.

Got an article suggestion? Let us know
Explore more
Logstash
Licensed under CC-BY-NC-SA

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.