Decode and Add derived/custom fields

Mike_Labman · June 15, 2020, 5:52pm

I am brand new to elastic. I have regularly incoming data that has an encoded field, i.e.

{
id: 1,
time: "2020-06-15 13:45:00",
encoded: "AAIBdQYmaSUAoPy2Bbx7bP9QX4V3UKCHbYGfxjz"
}

I have external javascript that I use to decode that into something like this:

Field1:  "Hello"
Field2:  10.5
Field3:  75
Field4:  ...
etc.

I'm open to re-writing it in any language, but have no idea what the easiest tool to use or where to put the code. Not sure if this can be done with logstash or I need to bring in beats, or what?

Ranjith_M · June 15, 2020, 8:57pm

@Mike_Labman You can try decoding using logstash ruby filter. You can write custom logic in ruby filter.

Please refer to logstash ruby docs.

system · July 13, 2020, 8:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.