How to add all elements in an array from JSON objects as fields in Logstash

Sample:
"message": [
"key1" : "value1",
"key2" : "value2",
"key3" : "value3",
"key4" : "value4",
"key5" : "value5",

"keyn" : "valuen"
]

I need to create additional fields from each and every key in the message. Could someone help me out with this?

Your example isn't valid JSON. What does message actually contain?

Hi Magnus,

My JSON object will be like this:

{
  "_index": "sample-log2018.03.19",
  "_type": "cisco_logs",
  "_id": "AEq-PmIBDCdfr1MDAWGD",
  "_version": 1,
  "_score": null,
  "_source": {
    "@version": "1",
    "message": "CISCO log message"
  }
}

I passed the Cisco log message to mutate -split to convert the string message into an array object.

mutate {
split => { "message" => ","}
}

But in this case message doesn't contain any commas so I'd expect us to end up with an array with one element. Right? And what do you want to do with that?

I would start with something like

  dissect { mapping => { "message" => "%{ts} %{+ts} %{+ts} %{foo} %{bar}: %{therest}" } }
  kv { source => "therest" field_split => "," value_split => ":" trim_key => " " }
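A self-contained pipeline built around the two filters suggested above, as an added example that is not part of the original thread. The sample line in the generator input is constructed, and the `target` name `cisco`, the failure check and the `remove_field` cleanup are assumptions added for illustration.

```logstash
# Constructed sample line; replace the generator with the real input.
input {
  generator {
    lines => [ "Mar 19 10:15:02 fw01 ASA: key1:value1, key2:value2, key3:value3" ]
    count => 1
  }
}

filter {
  # Split the fixed prefix from the key/value tail.
  # %{+ts} appends to ts, so the three date tokens end up in one field.
  dissect {
    mapping => { "message" => "%{ts} %{+ts} %{+ts} %{foo} %{bar}: %{therest}" }
  }

  # dissect tags events it cannot match; skip kv for those so malformed
  # lines stay visible instead of producing partial fields.
  if "_dissectfailure" not in [tags] {
    kv {
      source      => "therest"
      field_split => ","
      value_split => ":"
      trim_key    => " "
      # Keys come from the log text itself. Writing them under a target
      # keeps them from overwriting top-level event fields.
      target      => "cisco"
      # Drop the raw tail only when kv succeeded.
      remove_field => [ "therest" ]
    }
  }
}

output {
  stdout { codec => rubydebug }
}
```

The dissect mapping has to match the real message layout, so adjust the delimiters and field names to the actual Cisco log line before relying on it.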

Hi Badger,

Am I supposed to use the same code in my configuration file which you provided, or do I need to perform any changes according to my text?

Could you please provide some useful links for the dissect plugin and how to use it?

The documentation for dissect is here.
