Hoping I can get some ideas on how to go about fixing this issue I'm running into.
I'm on elastic 2.3.5, and it doesn't allow for fields to contain a .. I'm using the JSON filter in log stash to parse this data:
"network_throughput":{
"localhost://10.10.10.1:5000":{
"read":{
"message_count":"33",
"inflight_time":"3",
"read_throughput":"630900",
"write_throughput":"2244"
},
"existing_connectors":1
},
"localhost://10.10.10.2:5000":{
"read":{
"message_count":"33",
"inflight_time":"3",
"read_throughput":"630900",
"write_throughput":"2244"
},
"existing_connectors":1
},
Is there a way that I can search through my JSON and if I see the network_throughput field to mutate the localhost fields? I was trying to get it to do something like:
"localhost":{
"ip": "10.10.10.1:5000"
"read":{
"message_count":"33",
"inflight_time":"3",
"read_throughput":"630900",
"write_throughput":"2244"
},
"existing_connectors":1
I've spent the afternoon looking for ideas, but I haven't found anything that has got me even remotely close to what I'm looking for. Even rewriting the . as a _ would work at this point - Thanks!