Decode and Add derived/custom fields

Mike_Labman · June 15, 2020, 5:52pm

I am brand new to elastic. I have regularly incoming data that has an encoded field, i.e.

{
id: 1,
time: "2020-06-15 13:45:00",
encoded: "AAIBdQYmaSUAoPy2Bbx7bP9QX4V3UKCHbYGfxjz"
}

I have external javascript that I use to decode that into something like this:

Field1:  "Hello"
Field2:  10.5
Field3:  75
Field4:  ...
etc.

I'm open to re-writing it in any language, but have no idea what the easiest tool to use or where to put the code. Not sure if this can be done with logstash or I need to bring in beats, or what?

Ranjith_M · June 15, 2020, 8:57pm

@Mike_Labman You can try decoding using logstash ruby filter. You can write custom logic in ruby filter.

Please refer to logstash ruby docs.

system · July 13, 2020, 8:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash - adding new fields Logstash	3	4343	February 11, 2017
Trying to decrypt data but it is not working as expected Logstash	5	117	February 26, 2024
Base64 decode issue Logstash	3	981	December 26, 2022
Parsing Logstash Data Logstash	6	740	September 27, 2017
Logstash: Adding custom field to documennt Logstash	6	1176	August 8, 2018

Decode and Add derived/custom fields

Related topics