From 67dd405f4ace36a06a6c75341016c081c1cb3316 Mon Sep 17 00:00:00 2001
From: "vaibhav.jain1" <vaibhav.jain1@amdocs.com>
Date: Tue, 10 Oct 2017 18:33:09 +0530
Subject: Extract componentName from the source path of logs

The current source path for log files is:
/var/log/onap/<component_name>/<sub-component_name>. A grok filter has
been added to extract the forth token as the component name from this
source path.

Change-Id: Ic95eb9c3b5189cc8a9fecc25d498809a4095eba6
Issue-ID: LOG-74
Signed-off-by: vaibhav.jain1 <vaibhav.jain1@amdocs.com>
---
 elasticstack/logstash/conf/onap-pipeline.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/elasticstack/logstash/conf/onap-pipeline.conf b/elasticstack/logstash/conf/onap-pipeline.conf
index 5b32038..a382edc 100644
--- a/elasticstack/logstash/conf/onap-pipeline.conf
+++ b/elasticstack/logstash/conf/onap-pipeline.conf
@@ -130,6 +130,7 @@ filter {
       "message" => ["%{TIMESTAMP_ISO8601:Timestamp}\t%{GREEDYDATA:Thread}\t%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}\t%{JAVACLASS:Logger}\t(?:[^\t]+\t)*%{GREEDYDATA:message}",
                     "(?<MDCs>.*\t)"
                    ]
+	  "source" => ["/var/log/onap/(?<componentName>[^/]+)/"]
     }
     overwrite => ["message"]
   }
-- 
cgit 1.2.3-korg