Adding fields based on match

rusty_cole · July 20, 2022, 6:53am

Hi All,
I have the following scenario:
1 index containing json fields.
I need to match Event1_fieldA to Event2_fieldB.
If there is a match, add additional existing field from Event2 to Event1.
How would I achieve this?
Do I have to use logstash?
I tried playing with the aggregate filter but got nothing useful.
This is what I have so far:

if [somefield] == "somevalue" {
aggregate {
     task_id => "%{[fieldA][fieldB]}"
   code => "
     map['Test'] = event.get('additional existing field in Event2')
   "
   map_action => "create"
   end_of_task => true
   timeout => 3

 }    
 }

Any help would be greatly appreciated.

Thanks!

system · August 17, 2022, 6:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add field dynamically based on different match Logstash	1	284	April 4, 2019
Adding new fields from a match [solved] Logstash	7	5409	May 10, 2019
Add new field based on value in event_data Beats winlogbeat	3	797	September 29, 2017
Logstash aggregate/mutate Logstash	5	1147	July 18, 2020
Update an event fields based on another event Logstash	6	394	December 25, 2023

Adding fields based on match

Related topics