I HAVE AN ARRAY OF MAC ADDRESS THAT I WANT TO FILTER IN LOGSTASH. I want to make it as a new document for each value. Can anybody help me ?
{"message":"["9c:20:7b:25:23:0d","88:d5:0c:cd:e6:09","c8:f2:30:c6:9a:e0","f4:f5:db:1d:07:73","30:f7:72:30:90:f7","c0:9f:05:ff:9e:33","60:fe:1e:dd:b6:0f","e0:aa:96:b1:66:b0","90:21:81:da:1f:f7","b0:70:2d:78:0b:8b","80:57:19:30:fb:75"
Use a split filter.
i did but my elasticsearch is not getting any documents
I suggest you replace your elasticsearch output with output { stdout { codec => rubydebug } } and see what logstash prints to stdout.
Nobody here can say what is wrong with your configuration if you don't show us your configuration.
input {
beats{
port => 5044
}
}
filter {
json {
source => "message"
}
split {
field => "message"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
manage_template => false
index => "%{[@metadata][beat]}"
}
}
The input data as posted is not valid JSON. Please use </> in the toolbar above the editing pane to quote it so that formatting is preserved.
okay my bad , im so sorry im new to this thing.
i tried removing the json its still not working
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.