I need to add a new field as the first line of a multline message coming from filebeat to logstash?
Then from this line, a substring of this line as new field which I need to parse it as timestamp?
Thanks for your help.
Don't describe what you want to do, show examples instead.
Gotta agree with Magnusbaeck here, need a little more. Do you have a sample document you can share that you are trying to ingest? If you are just trying to add a new field, you can do that in the filter section with any of the filters, it's a common function to all of them.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.