Getting multiple fields out of agent

itschobot · February 24, 2022, 11:29pm

still new and learning filters... how would I get multiple fields out of agent?

"agent" => {
"hostname" => "2487b31167e2",
 "name" => "123b456c",
"ephemeral_id" => "123b456c",
"version" => "7.15.1",
   "id" => "123b456c",
 "type" => "filebeat"
},

Badger · February 24, 2022, 11:36pm

What do you mean by that?

itschobot · February 24, 2022, 11:43pm

as an example:

if I wanted to get

 "hostname => 2487b31167e2"
"ephemeral_id" => "123b456c",
"version" => "7.15.1",

would I have to do:

"agent" => "[agent][version]"
"agent" => "[ephemeral][id]"
"agent" => "[hostname]"

the json is nested within agent portion

itschobot · March 15, 2022, 8:22pm

To get multiple fields out of "agent" now that I've solved the issue is using the "add field" function.
this can be found in documentation and a good example I fell on was this video: How to use Logstash to parse and import JSON data into Elasticsearch - YouTube

system · April 12, 2022, 8:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.