Can I decode the values in Logstash

sjabiulla · May 20, 2019, 10:52am

Hi,

I have the key value pairs in the log message and I want to do data mapping before indexing the data to ElasticSearch.

Sample Log Message 1: operation=1 timetaken=50
Sample Log Message 2: operation=2 timetaken=100

I want the output in ElasticSearch to be as below.

{
 {
   "operation" : "ABC",
   "timetaken" : "50"
 },
 {
   "operation" : "XYZ",
   "timetaken" : 100
 }
}

I want to map operation values as 1 to ABC & 2 to XYZ . Is this possible with any filters ?

Badger · May 20, 2019, 11:06am

You could try using a kv filter to parse the message and then a translate fitler to map the values.

sjabiulla · May 20, 2019, 11:34am

Thank you. That should work

system · June 17, 2019, 11:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.