Decode and Add derived/custom fields

Mike_Labman · June 15, 2020, 5:52pm

I am brand new to elastic. I have regularly incoming data that has an encoded field, i.e.

{
id: 1,
time: "2020-06-15 13:45:00",
encoded: "AAIBdQYmaSUAoPy2Bbx7bP9QX4V3UKCHbYGfxjz"
}

I have external javascript that I use to decode that into something like this:

Field1:  "Hello"
Field2:  10.5
Field3:  75
Field4:  ...
etc.

I'm open to re-writing it in any language, but have no idea what the easiest tool to use or where to put the code. Not sure if this can be done with logstash or I need to bring in beats, or what?

Ranjith_M · June 15, 2020, 8:57pm

@Mike_Labman You can try decoding using logstash ruby filter. You can write custom logic in ruby filter.

Please refer to logstash ruby docs.

system · July 13, 2020, 8:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash - adding new fields Logstash	3	4343	February 11, 2017
Logstash Custom Filter: How to access, fields of csv being uploaded in a custom filter Logstash	5	1369	July 6, 2017
Split filter and add_field encoding object to a JSON string Logstash	8	303	August 24, 2023
Ruby filter plugin does not read new field values Logstash	9	566	October 3, 2021
Add new fields Logstash	2	249	December 4, 2020

Decode and Add derived/custom fields

Related Topics