Access the request via Logstash - Map keys

Adam_Grimes · May 30, 2019, 1:02am

I have the following structure:

  "_index": "test",
  "_type": "_doc",
  "_id": "01",
  "_version": 1,
  "_score": 0,
  "_source": {
    "@timestamp": "2019-05-30T00:36:19.622Z",
    "type": "db_use",
    "tags": [
      "db_use"
    ],
    "doc_as_upsert": true,
    "@version": "1",
    "doc": {
      "rev": "1-cf46be7245acaed7d08150fb701e952a",
      "request": [
        {
          "divide": {
            "test": {},
            "header": {
             "header": [
             "Connection: close"
             "tipoMime": "JSON",
             "body": " "
            }
          },

I'm trying to get filters to access the request field to create searchable fields in header and body, but I can not create a filter to access the request. How could I proceed with this?

tests as unsuccessful=>

if "requests" in [tags] {
		mutate { add_field => { "@tes3" => "%{[doc]}" } }
	}
	if "doc" in [tags] {
		mutate { add_field => { "@tes4" => "%{[@metadata][_rev]}" } }
	}
	if [type] == "requests" {
		mutate { add_field => { "@tes5" => "%{requests}" } }

system · June 27, 2019, 1:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.