How to filter username data from the request field using scripted_field

Hi Guys,

Can you help me solve my concern to filter username data through scripted_field?

username is located in the request_field of COMBINEAPACHE.

Example:

/api/v2/members/ y23228020 /wallets/0/balance ....
/api/v2/members/ py51171 /wallets ....

Extracting this at search time for every document may be quite slow. I would recommend instead extracting and storing this in a separate field before the document is indexed into Elasticsearch. That will scale and perform much better.

Okay, so what you mean is that the filtering should be done at the Logstash level?

Yes, extract it in Logstash.

@Christian_Dahlqvist

Can you help me with how to achieve that? Any idea please, since I don't have much knowledge of how to do that.

How do I segregate the request field data? I'm using COMBINEAPACHE. Something like the user-agent output, which separates the OS name and version etc. Thanks in advance.

I think you will need to add a grok filter that extracts the relevant part from the request field.
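A Logstash pipeline that does what the reply above suggests, added here as an example and not taken from the thread. It assumes the legacy (non-ECS) field names produced by the built-in `COMBINEDAPACHELOG` grok pattern, where the request path lands in `request`; the log path, Elasticsearch host and index name are placeholders.

```conf
# Added example: parse each access-log line with COMBINEDAPACHELOG, then run a
# second grok filter over the "request" field to lift the member id out of
# paths such as /api/v2/members/y23228020/wallets/0/balance.
input {
  file {
    path => "/var/log/httpd/access_log"   # assumed location of the access log
    start_position => "beginning"
  }
}

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }

  # Only paths under /api/v2/members/<id>/ carry a member id, so guard the
  # second grok with a conditional instead of tagging every other request
  # as a failure.
  if [request] =~ /^\/api\/v2\/members\// {
    grok {
      # [^/?\s]+ stops at the next "/", a query string, or whitespace, so
      # "/api/v2/members/py51171/wallets" yields member_id = "py51171".
      match => { "request" => "^/api/v2/members/(?<member_id>[^/?\s]+)" }
      tag_on_failure => ["_member_id_parse_failure"]
    }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]    # assumed
    index => "apache-%{+YYYY.MM.dd}"      # assumed index naming
  }
}
```

Check the syntax with `bin/logstash -f pipeline.conf --config.test_and_exit` before starting the pipeline. On Logstash 8, where ECS compatibility is on by default, `COMBINEDAPACHELOG` stores the path in `[url][original]` rather than `request`; either reference that field in the conditional and the second grok, or set `ecs_compatibility => disabled` on the first grok filter. Because `member_id` is indexed as a keyword, you can then aggregate requests per member or alert on unusual per-member request volumes without any search-time scripting.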

Hi @Christian_Dahlqvist,

It's all good now. Thanks for your idea.
