Can logstash add array field to elasticsearch?

recordable542 · September 19, 2020, 7:09am

My Environment

mysql
logstash (with jdbc plugin) 7.8.0
elasticsearch 7.6.2

pipeline.yaml

...
statement => "SELECT id, name, location1, location2 FROM users;"
...

I have location1 and location2 column in mysql users table. I want to make them to one array field like...

statement => "SELECT id, name, location1, location2 FROM users;"

    filter {
        mutate {
            add_field => {
              "location" => "[%{location1}, %{location2}]"
            }
        }
    }

so that I can later query all users who ...
(location1 == "NY" or location2 == "NY") or (location1 == "NJ" or location2 == "NJ")

query: {"terms": {"location": ["NY", "NJ"]}}

system · October 17, 2020, 7:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.