Hi, I recently started using Elastic and I'm having a problem. I am using a monitoring system for my tests to retrieve various data from the machines I am using. This monitoring system has an api that allows Logstash to retrieve information in JSON format.
My problem is the following: I would like the fields "device", "sensor", "lastvalue" to be grouped in the same field for example "test".
Moreover, there is a constraint with the following structure --> [sensors][number_of_sensors][device, sensor, lastvalue].
Example of what I get:{ "sensors" => [ [ 0] { "device" => "Probe Device", "lastvalue_raw" => 100.0, "lastvalue" => "100 %", "sensor" => "System Health", "message_raw" => "OK", "group" => "Local Probe", "status" => "Up" }, [ 1] { "device" => "Probe Device", "lastvalue_raw" => 100.0, "lastvalue" => "100 %", "sensor" => "Core Health", "message_raw" => "189 d (Age of Code) is above the warning limit of 90 d in Age of Code. Please consider upgrading to the latest version to improve security and stability", "group" => "Local Probe", "status" => "Warning" }, [ 2] { "device" => "Probe Device", "lastvalue_raw" => 100.0, "lastvalue" => "100 %", "sensor" => "Probe Health", "message_raw" => "OK", "group" => "Local Probe", "status" => "Up"
I would like to group the above fields for each "number_of_sensors" into a "test" field.
Thank you in advance for your answers.
Thank you in advance.