Hi, I have these fields and values in my log in differnet lines::
line 1:
date ==> "z_ac"
z_ac ==> "2024-07"
line 2:
date ==> "z_bc"
z_bc ==> "2024-07"
line 3:
date ==> "z_dc"
z_dc ==> "2024-07"
...............................................
and I want to used "date" to access to "2024-07", can i use nested field's values?
if I use %{%{date}} , the output will be %{%{date}}, while it is expected to be "2024-07"
any guild will be so appreciated
I cannot think of a way to do it without using ruby
ruby { code => 'event.set("someField", event.get(event.get("date")))' }
thanks for your reply. it doesn't work . I used below code
ruby {
code => 'event.set("MyDate", event.get(event.get("date")))'
}
and output is 'nil'
The code works, but you may need to add error checking. For example,
input { generator { count => 1 lines => [
'{ "date": "z_ac", "z_ac": "2024-07" }',
'{ "date": "z_bc" }' ] codec => json }
}
output { stdout { codec => rubydebug { metadata => false } } }
filter {
ruby { code => 'event.set("someField", event.get(event.get("date")))' }
}
will produce
{
"@timestamp" => 2024-07-11T10:02:19.930464180Z,
"z_ac" => "2024-07",
"someField" => "2024-07",
"date" => "z_ac",
"@version" => "1"
}
{
"@timestamp" => 2024-07-11T10:02:19.932857099Z,
"someField" => nil,
"date" => "z_bc",
"@version" => "1"
}
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.