Adding fields based on match

rusty_cole · July 20, 2022, 6:53am

Hi All,
I have the following scenario:
1 index containing json fields.
I need to match Event1_fieldA to Event2_fieldB.
If there is a match, add additional existing field from Event2 to Event1.
How would I achieve this?
Do I have to use logstash?
I tried playing with the aggregate filter but got nothing useful.
This is what I have so far:

if [somefield] == "somevalue" {
aggregate {
     task_id => "%{[fieldA][fieldB]}"
   code => "
     map['Test'] = event.get('additional existing field in Event2')
   "
   map_action => "create"
   end_of_task => true
   timeout => 3

 }    
 }

Any help would be greatly appreciated.

Thanks!

system · August 17, 2022, 6:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding new fields from a match [solved] Logstash	7	5405	May 10, 2019
Logstash aggregate/mutate Logstash	5	1142	July 18, 2020
Update an event fields based on another event Logstash	6	388	December 25, 2023
Logstash Combine two fields of different documents based on another field (without an ID) Logstash	3	444	May 29, 2020
Logstash "Duplicate field 'match' Logstash	1	546	August 10, 2021

Adding fields based on match

Related Topics