Hello,
I want to add a field composed of some other fields, like this:
suppose we have fields
"name": [
"XX"
],
"adress": [
"584"
],
I want to add a field like that:
"person" : [
{"name": "XX"
"adress":"584"}
]
I've trayed that filter:
mutate {
add_field => {"person"=> [" "name":"%{name}",{"adress":"%{adress}"} "]}
}
it doesn't work because it's not correct !
Thank you for your help.
The syntax is incorrect. Try the following:
mutate {
add_field => {"person"=> ["%{name}","%{adress}"]}
}
Hello, thank you for the help. I've trayed this but it doesn't give the result I need.
I want to create a complex object like this:
"person" : [
{ "name" : "John",
"adress" : "Doe"
},
{ "name" : "Mary",
"adress" : "Smith"
}
]Is there any help please.
Please provide your information in a structured manner as I'm a bit confused.
Let me know if this is what you mean.
Mary Smith
John Lee
"name" : "Mary"
"adress" "Smith"
"person" : [
{ "name" : "Mary",
"adress" : "Smith"
},
Yes, suppose we have created fields from an input file:
"name":"Mary" and "adress":"Smith"
I want to create a third field person which is composed of name and adress fields.
"person" : [
{ "name" : "Mary",
"adress" : "Smith"
}]
There is an easier way. You can create the person object with the name and adress in one step. I would recommend doing that instead of creating them in two separate steps.
filter{
grok {
match => [ "message", "%{WORD:[person][name]} %{WORD:[person][adres]}" ]
}
}
as result of this filter:
"person": {
"name" : "Mary",
"adress" : "Smith"
}
I want person be a list:
"person": [{
"name" : "Mary",
"adress" : "Smith"
},
{"name" : "XX",
"adress" : "154"}]
My grok filter will create a person array list.
If you have Mary Smith and John Smith it will look like
"person": [{
"name" : "Mary",
"adress" : "Smith"
},
{"name" : "John",
"adress" : "Smith"}]
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.