Getting multiple fields out of agent

itschobot · February 24, 2022, 11:29pm

still new and learning filters... how would I get multiple fields out of agent?

"agent" => {
"hostname" => "2487b31167e2",
 "name" => "123b456c",
"ephemeral_id" => "123b456c",
"version" => "7.15.1",
   "id" => "123b456c",
 "type" => "filebeat"
},

Badger · February 24, 2022, 11:36pm

What do you mean by that?

itschobot · February 24, 2022, 11:43pm

as an example:

if I wanted to get

 "hostname => 2487b31167e2"
"ephemeral_id" => "123b456c",
"version" => "7.15.1",

would I have to do:

"agent" => "[agent][version]"
"agent" => "[ephemeral][id]"
"agent" => "[hostname]"

the json is nested within agent portion

itschobot · March 15, 2022, 8:22pm

To get multiple fields out of "agent" now that I've solved the issue is using the "add field" function.
this can be found in documentation and a good example I fell on was this video: How to use Logstash to parse and import JSON data into Elasticsearch - YouTube

system · April 12, 2022, 8:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash add_field issue Logstash	4	274	July 15, 2019
Extract a field from a text field Elasticsearch	2	312	June 24, 2022
Logstash filter - get field? Logstash	6	859	April 11, 2016
Removing fields from logstash Logstash	67	1885	October 6, 2023
Want a Logstash Filter to Parse the Agent Field in Apache Access Log Files Logstash	6	6901	July 6, 2017

Getting multiple fields out of agent

Related topics