I'm using Grok & Logstash to send access logs from Nginx to Elasticsearch. I'm giving Logstash all my access logs (with a wildcard, works well) and I would like to get th
Ok, found it. grok breaks on match by default. So the first match being good, it skips the second one.
I solved it like this:
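filter {
  if [type] == "nginx_access" {
    grok {
      # Parse the access log line itself
      match => { "message" => "%{COMBINEDAPACHELOG}" }
      # Take the app name from the log file name (<app>.access.log)
      match => { "path" => "%{GREEDYDATA}/%{GREEDYDATA:app}.access.log" }
      # Keep going after the first successful match so both patterns are applied
      break_on_match => false
    }
  }
}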
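The behaviour described in the answer, reproduced as a small Python model (an added example, not part of the original post and not Logstash's own code). The `COMBINED` regex is a simplified stand-in for `%{COMBINEDAPACHELOG}`, and the event, IP address and path are constructed sample values.

```python
import re

# Simplified stand-in for %{COMBINEDAPACHELOG} (assumption: not the real grok pattern).
COMBINED = re.compile(
    r'(?P<clientip>\S+) \S+ (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>\S+) (?P<request>\S+) HTTP/(?P<httpversion>[\d.]+)" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Equivalent of %{GREEDYDATA}/%{GREEDYDATA:app}.access.log, with the dots escaped.
APP_FROM_PATH = re.compile(r'.*/(?P<app>.*)\.access\.log')

PATTERNS = [("message", COMBINED), ("path", APP_FROM_PATH)]


def grok(event, patterns=PATTERNS, break_on_match=True):
    """Apply each (field, regex) in order, as one grok filter would.

    With break_on_match=True (grok's default) processing stops after the
    first pattern that matches, so later fields are never examined.
    """
    out = dict(event)
    matched = False
    for field, regex in patterns:
        m = regex.search(event.get(field, ""))  # grok patterns are unanchored
        if not m:
            continue
        matched = True
        out.update(m.groupdict())
        if break_on_match:
            break
    if not matched:
        # Same tag grok adds when nothing matched
        out.setdefault("tags", []).append("_grokparsefailure")
    return out


# Constructed sample event (documentation IP range, made-up path).
EVENT = {
    "type": "nginx_access",
    "path": "/var/log/nginx/shop.access.log",
    "message": '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] '
               '"GET /login HTTP/1.1" 200 512 "-" "curl/8.0"',
}

if __name__ == "__main__":
    print("default has app field:", "app" in grok(EVENT))
    print("break_on_match => false:", grok(EVENT, break_on_match=False)["app"])
```

Note that with the default setting the event carries no `_grokparsefailure` tag even though the `path` pattern never ran, so the missing `app` field is silent.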