I'm trying to create fields to measure request metrics from our profiler logs (i.e. number of requests, average request time, etc).
I have a filter with a grok match like such (shortened for simple understanding):
match => { "message" => "%{WORD:request_type} %{NUMBER:num_of_requests:int}" }
for a log line with:
exampleRequestType 77
I want to create a nested field such as exampleRequestType.num_of_requests
so that I can associate the various input metrics I'm getting, as I have many request types. However, I get an error when I tried these two different methods:
match => { "message" : => %{WORD:request_type} %{NUMBER:[request_type][num_of_requests]:int}
or by using the original match but doing a mutate rename:
rename => { "num_of_requests" => "[request_type][num_of_requests]" }
What is the correct way to do this? Thank you
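
One way to get the nested field, shown as an added example that is not part of the original post: in a field reference, a bare `[request_type]` names the literal field `request_type`, while `%{request_type}` in the `rename` target of `mutate` is replaced with that field's value. The filter assumes the shortened grok pattern from the post.

```logstash
filter {
  grok {
    match => { "message" => "%{WORD:request_type} %{NUMBER:num_of_requests:int}" }
  }

  # Rename only when grok matched; on a parse failure request_type does not
  # exist and the %{request_type} reference below would stay unresolved.
  if "_grokparsefailure" not in [tags] {
    mutate {
      # The target is built per event from the value grok captured, so each
      # request type gets its own parent object holding num_of_requests.
      # The field names now come from log content: WORD limits them to word
      # characters, but every distinct request type adds a field to the
      # index mapping.
      rename => { "num_of_requests" => "[%{request_type}][num_of_requests]" }
    }
  }
}
```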