Difference between dissect filter and dissect processor

sahishnu.patil · September 13, 2019, 1:22pm

What is the actual difference between dissect filter and dissect processor and they both seem to have same functionality and different syntax.

Syntax for dissect filter plugin .
filter {
dissect {
mapping => {
"message" => "%{ts} %{+ts} %{+ts} %{src} %{} %{prog}[%{pid}]: %{msg}"
}
}
}

Syntax for Dissect processor.
{
"dissect": {
"field": "message",
"pattern" : "%{clientip} %{ident} %{auth} [%{@timestamp}] "%{verb} %{request} HTTP/%{httpversion}" %{status} %{size}"
}
}

Badger · September 13, 2019, 2:50pm

A dissect filter runs in logstash. A dissect processor runs in elasticsearch. They can be used to do much the same thing.

system · October 11, 2019, 2:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Dissect Processor not working correctly in elastic search Elasticsearch	9	720	June 23, 2020
Logstash with two dissect - only the first dissect is used now and then Logstash	2	392	January 20, 2022
Grok vs disect? Logstash	1	292	February 20, 2020
DIfference between grok and dissect? Logstash	1	279	November 7, 2020
Dissect vs. GROK + other tweak questions Logstash	2	1465	April 17, 2018

Difference between dissect filter and dissect processor

Related topics