We have some logs where some critical information (such as username) is logged once at the beginning of a user's session (these are web applicaiton logs) and we'd like to associate this information in a field for all the following events associated with that same session_id. Is there a way to do this in logstash? I thought this would be something that would come up more commonly but I didn't turn up anything in any searches. The idea would be to store a value into a persistent hash that could then be retrieved on subsequent events. Typically, a session_id or similar would be used and there'd have to be some mechanism to delete the values from the hash to keep it from growing without bound. The closest filter I could find is the 'elapsed' filter.