How to filter username data from the field of request, using scripted_field


(Mr.M) #1

Hi Guys,

Can you help me solve my concern to filter username data through scripted_field?

username is located in the request_field of COMBINEAPACHE.

Example:

/api/v2/members/ y23228020 /wallets/0/balance ....
/api/v2/members/ py51171 /wallets ....


(Christian Dahlqvist) #2

Extracting this at search time for every document may be quite slow. I would recommend instead extracting and storing this in a separate field before the document is indexed into Elasticsearch. That will scale and perform much better.


(Mr.M) #3

Okay, so what you mean here is that filtering should be done at the Logstash level?


(Christian Dahlqvist) #4

Yes, extract it in Logstash.


(Mr.M) #5

@Christian_Dahlqvist

Can you help me with how to achieve that? Any ideas please, since I don't have much knowledge of how to do that.

How do I segregate the request field data? I'm using COMBINEAPACHE. Something like how the user-agent output separates the OS name, version, etc. Thanks in advance.


(Christian Dahlqvist) #6

I think you will need to add a grok filter that extracts the relevant part from the request field.
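
One way to do the extraction suggested above, as an added example that is not part of the original thread or anyone's posted configuration: a second grok filter runs on the `request` field produced by `%{COMBINEDAPACHELOG}` and stores the path segment after `/api/v2/members/` in a new field. The field name `username`, the tag name, the allowed character set and the length limit are assumptions, as is the use of legacy (non-ECS) field names and request paths without spaces around the username.

```logstash
# Minimal pipeline for trying the extraction: paste access-log lines on stdin.
input { stdin { } }

filter {
  # Parse the Apache combined log line. With legacy (non-ECS) field names the
  # request path lands in "request"; under ECS compatibility it is stored in
  # [url][original] instead, so point the second grok at that field there.
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }

  # Pull the member name out of the path. The path is client-controlled, so
  # the capture is limited to an assumed username alphabet and maximum length
  # instead of accepting anything up to the next slash.
  if [request] {
    grok {
      match => { "request" => "^/api/v2/members/(?<username>[A-Za-z0-9_.-]{1,64})(?:[/?]|$)" }
      # Requests to other endpoints simply get this tag (hypothetical name).
      tag_on_failure => ["_no_member_username"]
    }
  }
}

output { stdout { codec => rubydebug } }

# Constructed sample line for testing (IP, timestamp and agent are made up):
# 203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /api/v2/members/py51171/wallets HTTP/1.1" 200 512 "-" "curl/8.0"
```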


(Mr.M) #7

Hi @Christian_Dahlqvist,

It's all good now. Thanks for your idea.

