Hi Badger,
Thanks for the tip! I tried running what you gave me, but I receive a result I was not expecting. The following is my conf file and output screenshot:
input {
  elasticsearch {
    hosts => ["10.100.1.2:9200"]
    index => "elastiflow-*"
    query => '{"query": { "bool": { "must": {"match_all": {}}}}}'
  }
}
filter {
  ruby {
    code => '
      csvFields = []
      event.to_hash.each {|k,v|
        csvFields << k
      }
      even.set("[csvFields]", csvFields.to_s)
    '
  }
}
output {
  stdout {
    codec => plain {
      format => "%{csvFields}"
    }
  }
}
Result:
Do you know what went wrong?
Thanks,
Eric