Difference between dissect filter and dissect processor

What is the actual difference between the dissect filter and the dissect processor? They both seem to have the same functionality and different syntax.

Syntax for the dissect filter plugin:

    filter {
      dissect {
        mapping => {
          "message" => "%{ts} %{+ts} %{+ts} %{src} %{} %{prog}[%{pid}]: %{msg}"
        }
      }
    }

Syntax for the dissect processor:

    {
      "dissect": {
        "field": "message",
        "pattern" : "%{clientip} %{ident} %{auth} [%{@timestamp}] \"%{verb} %{request} HTTP/%{httpversion}\" %{status} %{size}"
      }
    }

A dissect filter runs in Logstash. A dissect processor runs in Elasticsearch. They can be used to do much the same thing.
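As an added illustration (not code from either poster or from Elastic), the sketch below is a simplified Python re-implementation of the pattern semantics both snippets above rely on: `%{key}`, `%{+key}` (append) and `%{}` (skip). The two log lines are constructed samples, and joining appended values with a space is an assumption of this example.

```python
import re

_KEY = re.compile(r"%\{([^}]*)\}")

# Patterns copied from the two snippets in the question.
SYSLOG_PATTERN = "%{ts} %{+ts} %{+ts} %{src} %{} %{prog}[%{pid}]: %{msg}"
APACHE_PATTERN = ('%{clientip} %{ident} %{auth} [%{@timestamp}] '
                  '"%{verb} %{request} HTTP/%{httpversion}" %{status} %{size}')

# Constructed sample lines (not taken from the thread).
SYSLOG_LINE = ("Mar 16 00:01:25 web01 auth sshd[1713]: "
               "Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2")
APACHE_LINE = ('198.51.100.23 - - [30/Apr/1998:22:00:52 +0000] '
               '"GET /index.html HTTP/1.0" 200 3171')

def dissect(pattern, line, append_sep=" "):
    """Split `line` on the literal text between %{...} keys.

    Returns a dict of fields, or None when a delimiter is not found
    (the case a real pipeline would tag as a parse failure).
    """
    parts = _KEY.split(pattern)           # [lit0, key0, lit1, key1, ..., litN]
    literals, keys = parts[0::2], parts[1::2]
    if not line.startswith(literals[0]):
        return None
    pos, out = len(literals[0]), {}
    for i, key in enumerate(keys):
        delim = literals[i + 1]
        if delim:
            end = line.find(delim, pos)
            if end < 0:
                return None               # delimiter missing: line does not match
        elif i == len(keys) - 1:
            end = len(line)               # last key takes the rest of the line
        else:
            raise ValueError("adjacent keys need a delimiter between them")
        value, pos = line[pos:end], end + len(delim)
        if key == "":
            continue                      # %{} : consume the value, store nothing
        if key.startswith("+"):           # %{+name} : append to an earlier field
            name = key[1:]
            out[name] = out[name] + append_sep + value if name in out else value
        else:
            out[key] = value
    return out

if __name__ == "__main__":
    print(dissect(SYSLOG_PATTERN, SYSLOG_LINE))
    print(dissect(APACHE_PATTERN, APACHE_LINE))
```

Dissect matches on literal delimiters only, so a line in an unexpected format yields no fields at all rather than a partial match; here that is the `None` return.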
