You can look at the
host_regex settings that can be used with the file
monitor stanzas in inputs.conf, to extract the source host from the file path.
FYI, and as a supplemental to the above answer, I keep my files in the following directory:
The filename structure is:
Now to extract the IP address portion of filename as a host, I used the following regex:
Voila! From the above examples I know have two hosts (10.152.58.100 & 10.152.58.194), along with all of the events that are hosted within the files 🙂
Hope this helps someone!