Hi in a different question I asked how to do "Join" and got an answer to do:
"to put in LS a split filter that will duplicate the logs. and on the duplicated part I will use the aggregation"
Now I started with the split filter and got stuck.
My configuration file looks like:
filter {
json{
source => "message"
}
split {
}
}
Also I tried to do this with clone:
filter {
json{
source => "message"
}
clone {
add_field => { "foo_%{transactionId}" => "Hello world, from me" }
}
}
This did not duplicate my logs even though here it says that split always duplicates, can I get any help.
And the split does not duplicate my logs. The reason why I didn't add anything inside the "split" is b/c I don't want to add any tag or anything for this.