In my filebeat configuration, I am trying pass json file to filebeat and want specific fields in the json to filtered and passed to elasticsearch. I am not using logstash. Below is my filebeat config:
- type: log
paths:
- /var/log/test4*.json
json.keys_under_root: true
json.add_error_key: true
processors:
- decode_json_fields:
fields: ["header"]
process_array: false
max_depth: 1
Example of my json file:
{"header1": "nissan"},
{"header": "mazda"},
{"header": "honda","cars":[ "civic", "accord", "clarity" ] }
I would like only the following to sent to Elasticsearch.
{"header": "mazda"},
{"header": "honda"}