How to write mapping for extra fields of Logstash


(subin) #1

Hello,

Sorry, I did ask this before (in Logstash's group), but I lost it from my
emails and can't seem to find it in the public archives. It's more
ES-centered though.

When we add custom fields to parse our logs, Logstash appends the string
'@fields' to those new fields and will have an output as below:

{"@source":"file://loghost/logs/remote/mail/mail.log","@tags":["mx-mail","mx-mail3"],"@fields":{"date":["Aug 5 00:24:10"],"host":["mx-mail3"],"service":["postfix/smtpd[11985]"],"program":["postfix/smtpd"],"pid":["11985"],"message":["connect from unknown[113.160.101.48]"]},"@timestamp":"2013-08-05T00:24:10-04:00","@source_path":"/logs/remote/mail/mail.log","@source_host":"loghost","@message":"connect from unknown[10.0.4.27]","@type":"postfix"}

In order to map @fields.date, @fields.host, etc., I've created a mapping
as in the link below:

Could you please verify if it's correct?

Thanks,
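
An added example, not the poster's mapping (which is not on this page): it derives an explicit mapping from an event shaped like the one above, showing that "@fields" is a nested object mapped through a nested "properties" block and that array values take the mapping of their element type. It assumes the "string" type with "index": "not_analyzed" syntax of Elasticsearch releases from that period, uses "@type" as the mapping type name, and the choice of which fields stay analyzed is an assumption.

```python
import json

# Constructed sample: the event from the post, shortened to a few fields.
SAMPLE_EVENT = json.loads("""
{"@source": "file://loghost/logs/remote/mail/mail.log",
 "@tags": ["mx-mail", "mx-mail3"],
 "@fields": {"date": ["Aug 5 00:24:10"], "host": ["mx-mail3"],
             "program": ["postfix/smtpd"], "pid": ["11985"]},
 "@timestamp": "2013-08-05T00:24:10-04:00",
 "@source_host": "loghost",
 "@message": "connect from unknown[10.0.4.27]",
 "@type": "postfix"}
""")

# Assumption: fields searched as free text; every other string is kept as a
# single exact term so host/program/pid filters match whole values.
ANALYZED = {"@message", "@fields.message"}

def field_mapping(value, path):
    """Return the mapping for one JSON value found at dotted `path`."""
    if isinstance(value, list):
        # Arrays need no special mapping: map the element type.
        return field_mapping(value[0], path) if value else None
    if isinstance(value, dict):
        props = {}
        for key, child in value.items():
            sub = field_mapping(child, f"{path}.{key}" if path else key)
            if sub is not None:
                props[key] = sub
        return {"properties": props}
    if path == "@timestamp":
        return {"type": "date"}
    if path in ANALYZED:
        return {"type": "string"}
    # The sample holds only strings, so every remaining leaf is a string.
    return {"type": "string", "index": "not_analyzed"}

def build_mapping(event):
    """Mapping body keyed by the event's @type (used as the type name)."""
    return {event["@type"]: field_mapping(event, "")}

if __name__ == "__main__":
    print(json.dumps(build_mapping(SAMPLE_EVENT), indent=2))
```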



(system) #2