Dears,
Could you please advise how to assign specific log files (with a specific naming convention) to a specific stream? I’ve tried using a pipeline and rules like the one below, but it didn’t work:
rule "GetsubProf_logs"
// we use only one rule to identify if this is a GetsubProf log file
// in all following rules it is possible to check just this single field.
//
// following rules can just check for:
// has_field("is_GetsubProf")
when
    // put any identifier you have for the GetsubProf log file
    // in this rule
    has_field("facility") AND
    to_string($message.facility) == "filebeat" AND
    //
    // the following rule only works if the GetsubProf log file is
    // in the default location
    //
    has_field("file") AND
    to_string($message.file) == "/var/log/log_analytics/GetsubProf sample116.log" AND
    // you need to adjust that if you change the field in the collector configuration!
    has_field("type")
then
    set_field("is_GetsubProf", true);
end
Thanks and thanks in advance,
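
The "following rule" that the comments in the posted rule describe, as an added example that is not part of the original post: the posted rule only sets a flag, so a second rule in a later stage has to call `route_to_stream` for the message to reach a stream. The stream name "GetsubProf logs" and both rule names are assumptions, and the second rule is an alternative that matches the naming convention with a regex instead of one exact path.

```graylog
// Added example. Assumptions: a stream named "GetsubProf logs" already exists,
// and the pipeline is connected to the stream the filebeat messages arrive in.

// Rule 1: place in a LATER stage than "GetsubProf_logs", so the flag that
// rule sets is already on the message when this condition is evaluated.
rule "route_GetsubProf_logs"
when
    has_field("is_GetsubProf")
then
    // remove_from_default keeps the message out of the default stream as well
    route_to_stream(name: "GetsubProf logs", remove_from_default: true);
end

// Rule 2 (alternative to the flag): match every file that follows the naming
// convention instead of a single exact path, then route directly.
rule "route_GetsubProf_by_filename"
when
    has_field("file") AND
    regex("^/var/log/log_analytics/GetsubProf.*\\.log$",
          to_string($message.file)).matches == true
then
    route_to_stream(name: "GetsubProf logs", remove_from_default: true);
end
```

If neither rule fires, check on a received message which field actually carries the file path, since the field name depends on the collector configuration.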