Dear Community,
we make a big step forward. We have push the data to elastic like below. But how can we define the type "nested" for elastig in the logstash config so that upcoming querys can work correctly?
ruby { code=> "
if event.get('STATUS_PROFIL') == nil
event.set('Modulstatus', nil)
else
event.set('Modulstatus', event.get('STATUS_PROFIL').split('|').collect { |t|
c=t.split ','
{
'Modul' => c[0],
'Statusnr_IM' => c[1],
'Statusmsgnr_IM' => c[2],
'Statusnr_IN' => c[3],
'Statusmsgnr_IN' => c[4],
'Statusnr_EX' => c[5],
'Statusmsgnr_EX' => c[6]
}
})
end
"
}