Hi All,
I am currently enriching 4 fields using translate filter. I would like to know if it's possible to create an external ruby script with the following code.
Here is a code for one such field.
translate {
field => "[destinationHostName]"
destination => "[@metadata][key_exists]"
dictionary_path => "/u/elasticStack/data/enrich.csv"
fallback => "normal"
refresh_interval => 1
}
if [@metadata][key_exists] != "normal" {
dissect {
mapping => {
"[@metadata][key_exists]" => "%{category}~%{comment}~%{priority}~%{type}~%{eventid}"
}
}
mutate {
strip => ["comment"]
}
mutate {
add_field => { "event_description" => "Event %{category}: %{destinationHostName} %{priority}. event id %{eventid}, Comment: %{comment}" }
}
}
Thanks
Murali