I have the following structure:
"_index": "test",
"_type": "_doc",
"_id": "01",
"_version": 1,
"_score": 0,
"_source": {
"@timestamp": "2019-05-30T00:36:19.622Z",
"type": "db_use",
"tags": [
"db_use"
],
"doc_as_upsert": true,
"@version": "1",
"doc": {
"rev": "1-cf46be7245acaed7d08150fb701e952a",
"request": [
{
"divide": {
"test": {},
"header": {
"header": [
"Connection: close"
"tipoMime": "JSON",
"body": " "
}
},
I'm trying to write filters that access the request field so that I can create searchable fields from header and body, but I have not been able to write a filter that reaches request. How should I proceed?
My unsuccessful attempts so far =>
# Attempt 1: the body runs only when the event's [tags] array contains the
# string "requests". The sample document's tags hold only "db_use", so this
# condition is not met for that event and @tes3 is never added.
# %{[doc]} references the whole [doc] field; in the sample, request sits one
# level deeper, as an array under doc (i.e. [doc][request]).
if "requests" in [tags] {
mutate { add_field => { "@tes3" => "%{[doc]}" } }
}
# Attempt 2: same membership test, this time for the tag "doc", which the
# sample's tags also do not contain, so @tes4 is never added.
# NOTE(review): the sample shows rev under doc ([doc][rev]); no
# [@metadata][_rev] field is visible in it, so confirm that the input
# actually populates this before relying on it.
if "doc" in [tags] {
mutate { add_field => { "@tes4" => "%{[@metadata][_rev]}" } }
}
if [type] == "requests" {
mutate { add_field => { "@tes5" => "%{requests}" } }