Agregation in logstash

Hi. I use agregation in logstash to concatenate string logs into one.
and my agregation field looks in kibana like:

{
"message": "2018-04-23 10:43:14.439 [I/O 23] http--30150 >> "Accept: application/json[\r][\n]""
},
{
"message": "2018-04-23 [I/O 23] http--30150 >> "User-Agent: Apache CXF 3.1.7[\r][\n]""
},
{
"message": "2018-04-23 [I/O 23] http--30150 >> "Content-Length: 0[\r][\n]""
},
{
"message": "2018-04-23 [I/O 23] http--30150 >> "Host: aaa[\r][\n]""
},
{
"message": "2018-04-23 [I/O 23] http--30150 >> "Connection: Keep-Alive[\r][\n]""
},
{
"message": "2018-04-23 [I/O 23] http--3ss0150 >> "[\r][\n]""

my config to agregate is:
aggregate {
task_id => "%{timestamp}"
code => "
map['timestamp'] = event.get('timestamp')
map['towns'] ||= []
map['towns'] << {'message' => event.get('message')}
event.cancel()
"
push_previous_map_as_event => true
timeout => 3
}

how to translate field above into
"2018-04-23 10:43:14.439 [I/O 23] http--30150 >> "Accept: application/json[\r][\n]""
"2018-04-23 [I/O 23] http--30150 >> "User-Agent: Apache CXF 3.1.7[\r][\n]""
etc...

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.