Create Empty array when logstash outputs

recordable542 · June 28, 2020, 12:10pm

input {
    jdbc {
        jdbc_driver_library => "..."
        jdbc_driver_class => "com.mysql.jdbc.Driver"
        jdbc_paging_enabled => true
        tracking_column => "unix_ts_in_secs"
        use_column_value => true
        tracking_column_type => "numeric"
        schedule => "* * * * *" 
        statement => "SELECT id, name, sex, animal_id, UNIX_TIMESTAMP(el_time) AS unix_ts_in_secs FROM users
        WHERE (UNIX_TIMESTAMP(el_time) > :sql_last_value AND el_time < NOW())
        ORDER BY el_time ASC"
    }
}

filter {
    mutate {
        copy => {
            ...
        }
        remove_field => ["..."]
        add_field => { "previous_matches" => "[]" }
    }
}

output {
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "..."
        document_id => "%{[@metadata][_id]}"
    }
    stdout {
        codec => "rubydebug"
    }
}

What I want to do

I would like to create a empty array (field'previous_matches') when logstash outputs to elasticsearch

What is actually happening

Seems like elasticsearch interprets field "previous_matches" as string!

system · July 26, 2020, 12:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash creating an array when I add a string field that not exist yet Logstash	1	859	February 20, 2018
Logstash JDBC input : assigning timestamp column Logstash	3	2363	July 6, 2017
Append values to array field Logstash	3	3898	December 12, 2018
Logstash - set @timestamp from sql date column with JDBC input Logstash	4	4229	September 1, 2017
Logstash JDBC string column value to array data type Logstash	5	4085	July 6, 2017

Create Empty array when logstash outputs

What I want to do

What is actually happening

Related topics