Hi guys,
I'm working on a json log. I have extracted correctly json message from its entries and parsed it via json plugin in this way:
grok {
patterns_dir => ["/home/elastic/ELASTIC_55/logstash-5.5.0/config/patterns/extrapatterns"]
match => { "text" => "%{CUSTOM_JSON:json_request}" }
}
json {
source => "json_request"
tag_on_failure => ["errore_parser_json"]
target => "json_message"
}
This is what I get from logstash log (I set them to --debug):
json_message" => [
[0] {
"a_cruid" => "00-06",
"descrizione" => "test_descrizione",
"fornitore" => "SARBEC",
"ean" => "800291332",
"merceologia" => "tipo_merceologia",
"pvm" => "ap723",
"operation" => "richiesta_codifica_success"
}
]
An array type field. That's fine.
What I would like to do now is extracting a_cruid field's value and set it to a new correlazione field.
I have read event api documentation but, in my opinion, it's missing some detailed examples. I tried to write down a ruby filter code in these 2 ways, but I always get nil value
ruby {
code => 'event.set("correlazione", event.get("[json_message][1]"))'
}
ruby {
code => 'event.set("correlazione", event.get("[json_message][a_cruid]"))'
}
Can you plean help me in understanding better in what I'm wrong and suggest me the best approach to this?
Thanks in advance,
Andrea