Reading filename and appending to all logs

Hi,

I have filebeat setup to read log files from a specific directory.
My issue is that the systemID is not in the logs. Rather, it is appended in the filename.
e.g. 551904.log

I need each line in the log to be tagged to a fieldname(systemID) with the value of 551904 so that I know where the log came from.

Any suggestions on how I can achieve this in graylog? Thanks!

In the filebeat configuration on the client you can set fields to include in the message going to Graylog - here is an example windows version.

filebeat:
  inputs:
##### example input with log name
    - type: log
      enabled: true
      include_lines: ['Authorization']
      exclude_lines: ['Header','^#']
      fields:
        SystemID: 551904 
      ignore_older: 72h
      paths:
        - C:\windows\logs\example\551904.log 

This solution wouldn’t be efficient for multiple machines with unique systemID’s but it’s a start.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.