Hi,
is there a better way to create a nested field than my two step approach? Did not get it to work otherwise.
mutate {
add_field => {
"riemann" => { }
"riemannstate" => "critical"
"riemannservice" => "testservice"
"riemannmetric" => "1.0"
}
}
mutate {
rename => {
"riemannstate" => "[riemann][state]"
"riemannservice" => "[riemann][service]"
"riemannmetric" => "[riemann][metric]"
}
}
So
mutate {
add_field => {
"[riemann][state]" => "critical"
"[riemann][service]" => "testservice"
"[riemann][metric]" => "1.0"
}
}
doesn't work?
No, unfortunately not. With this approach I get the following result (ls 2.2.2)
{
"message" => "",
"@timestamp" => "2016-04-13T10:04:53.838Z",
"host" => "virtmachine",
"service" => "service",
"metric" => "1.0",
"state" => "critical"
}
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.