I need to translate codes into descriptions

jjdepaul · September 22, 2015, 2:22pm

We are processing log files that track how orders flow through the fulfillment workflow. One of the elements we capture is the status code, which is a 2-3 character acronym which translates to a meaningful description - example: OR = Order Received, VS = Validation Successful, OF = Order Failed, etc.

I need to find a way to translate these codes (which may not mean anything to our users) into the descriptions which they represent. I plan on recording this info in ElasticSearch as output and Kibana to search/present results.

Is there concept of a lookup table concept in LS, or ES that I could apply to achieve this nicely?!

magnusbaeck · September 22, 2015, 2:29pm

Have a look at the translate filter.

jjdepaul · September 23, 2015, 3:51pm

It worked like a "charm"... thank you!

Here is my config, for future searchers:

filter {
  # Parse out the statusCode variable
      grok { 
          match => { 
            "message" => [ 
            "status=(%{WORD:statusCode})$"
                ] 
          } 
      }
      # Translate statusCode variable into statusDescription (new field)
      translate {
        field => "statusCode"
        destination => "statusDescription"
        dictionary_path => "order_status_codes.txt"
      }
}

and my YAML file is simply this:

CW: Waiting on Order Desk
CWS: Order Desk successfully completed.
CWF: Order Desk failed.