For join I need split and aggregation

tomer · September 6, 2017, 8:52am

Hi in a different question I asked how to do "Join" and got an answer to do:

"to put in LS a split filter that will duplicate the logs. and on the duplicated part I will use the aggregation"

Now I started with the split filter and got stuck.

My configuration file looks like:

filter {
    json{
        source => "message"
    }
    split {
  
    }
}

Also I tried to do this with clone:

filter {
    json{
        source => "message"
    }
    clone {
        add_field => { "foo_%{transactionId}" => "Hello world, from me" }
    }
}

This did not duplicate my logs even though here it says that split always duplicates, can I get any help.
And the split does not duplicate my logs. The reason why I didn't add anything inside the "split" is b/c I don't want to add any tag or anything for this.

system · October 4, 2017, 8:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
After Split again merge the json object Logstash	1	248	October 26, 2021
Split json array and apply filter Logstash	3	4533	July 6, 2017
Merge message with aggregate filter Logstash	10	1198	May 12, 2021
Help with Split Filter Logstash	4	227	July 6, 2021
Split filter and add_field encoding object to a JSON string Logstash	8	306	August 24, 2023

For join I need split and aggregation

Related topics