Hello everyone,
First of all, I'm sorry if this is a common issue, but I really tried to solve it by myself.
But searching the web didn't help me, maybe because I have never used Logstash.
So I got a request to receive "slowQuery" data from the MongoDB Ops Manager API and load it into Elasticsearch.
So at the moment it works somehow and that is quite enough for me, except for one thing.
I can't use my API response date instead of @timestamp in ELK; it always puts the date of loading the data into ELK.
I tried different ways with filter and date, but still nothing.
When I use a browser to call the GET method of the API, the response looks like:
> {"slowQueries":[{"line":"{"t":{"$date":"2023-02-09T19:18:06.568+06:00"},"s":"I", "c":"COMMAND", "id":51803, "ctx":"conn1161110","msg":"Slow query","attr":{"type":"command","ns":"harvester.ZabbixNew","command":{"getMore":4341464678045031103,"collection":"ZabbixNew","lsid":{"id"........
This is my conf file:
```
    urls => {
      Harvester => {
        url => "api url"
        headers => {
          Accept => "application/json"
        }
        auth => {
          user => "user"
          password => "pass"
        }
      }
    }
    request_timeout => 60
    schedule => { every => "200s"}
    codec => "json"
    type => "json"
  }
}
filter {
  json {
    source => "message"
  }
  split {
    field => "[slowQueries]"
  }
  mutate {
    remove_field => ["[event][original]"]
  }
  date {
    match => [ "[slowQueries][line][t]", "ISO8601" ]
    target => @Timestamp
  }
}
output {
  elasticsearch {
    hosts => servers
    index => "logstash-mongodb-ops-manager-slow"
    user => "user"
    password => "pass"
  }
  stdout { codec => rubydebug }
}
```
And this is how it looks in Elastic:
I would appreciate any help.
Thank you!
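
An added example, not part of the original post and not taken from the Logstash project: a filter section that sets `@timestamp` from the date carried in the API response, so slow-query events are indexed at the time MongoDB logged them rather than at ingest time. It assumes each `line` value is a JSON document serialized as a string (as the browser output suggests), so it is parsed before the date is read; the `[slowQueries][parsed]` target and the two failure tag names are made up for illustration.

```logstash
filter {
  # One event per element of the slowQueries array.
  split {
    field => "[slowQueries]"
  }

  # Assumption: "line" holds JSON as a string. Until it is parsed,
  # [slowQueries][line][t] does not exist as a field.
  json {
    source => "[slowQueries][line]"
    target => "[slowQueries][parsed]"
    tag_on_failure => ["_slowquery_line_parse_failure"]
  }

  # The timestamp string sits one level below "t", under the "$date" key.
  # Field names are case-sensitive: the event time field is "@timestamp".
  date {
    match => [ "[slowQueries][parsed][t][$date]", "ISO8601" ]
    target => "@timestamp"
    tag_on_failure => ["_slowquery_date_parse_failure"]
  }

  mutate {
    remove_field => ["[event][original]"]
  }
}
```

Events that carry either failure tag keep the ingest time in `@timestamp`, so they should be reviewed or excluded before any time-based correlation.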