How can i get "Elasticsearch Filter Plugin" result in json list in C#

Elastic Stack Logstash
1

hi every one , i have a query like this in my logstash "elasticsearch plugin " :

here is the logstash config file ::

if[type] == "mytype"
	{
		elasticsearch
		{
				hosts => ["192.168.1.1:9200"]
				index => "my_index"
				query_template => "myQuery.json"
		fields  => 
			{ 		
                      "id" => "find_id",	                     		
			  "@timestamp"  => "find_@timestamp" 
			} 
		}
	}

and this one is myQuery.json file ::

{
  "query": {
    "match_all": {}
   }
}

and the issue is my result ::

"find_id": [1,2,3,4,5,6,7,8,9,10]

"find_@timestamp":> ["2018-05-28T05:28:13.117Z", "2018-05-28T05:39:24.493Z", "2018-05-28T05:39:49.463Z", "2018-05-28T05:49:15.383Z", "2018-05-28T06:55:56.366Z", "2018-05-28T08:21:00.996Z", "2018-05-28T08:21:26.024Z", "2018-05-28T05:43:38.502Z", "2018-05-28T05:43:47.080Z", "2018-05-28T05:48:55.364Z"]

I want to get result to get that way :

{["find_id":"1",@timestamp: 2018-05-28T05:49:15.383Z, other fields],
["find_id":"2",@timestamp: 2018-03-22T05:49:15.383Z, other fields]}

how can i get this result from" logstash elasticsearch filter plugin "

2

any comment ??????????

3

I cannot think off the top of my head how to get that, but this would give you an array of arrays.

    ruby { code => "
        i = event.get('find_id')
        t = event.get('find_@timestamp')
        a = []
        i.each_index { |k|
            n = [ i[k], t[k] ]
            a << n
        }
        event.set('arrayOfArrays', a)
        "
    }
4

tHANK yOU sO mUCH !

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.