I am trying to store data in array field of elasticsearch from logstash
Raw JSON event :
{"user-metadata":{"tags":["BCT-LTP-G109","Elasticsearch","logstash"]},"data":"abc def xyz"}
I want to take "tags" field out as a separate field with name "user_tags" and then store this into elasticsearch.
Current Logstash config: Filter Part
mutate {
add_field => { "user_tags" => "%{user-metadata[tags]}" }
}
mutate {
gsub => [
"user_tags", "," ,'","',
"user_tags", "^" ,'["',
"user_tags", "$" ,'"]'
]
}
Hmm, yes. Logstash's configuration language isn't very good at this. I'd use a ruby filter. This code should work:
event.set('user_tags', event.get('[user-metadata][tags]'))This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.