Hello
I would like to clean sql statements that im indexing into elastic
Any recommended method?
As it is not clear what your requirements are it is hard to give advice. If you have complex requirements and Logstash does not fit you might be better off creating a script.
I am afraid I do not understand. If you require a lot of flexibility it might be easier to build a script or application using one of the language clients.
It may help if you give some examples of what you are looking to do and what you expect the result to be.
I just assume that it's a common problem when ingesting logs as well, and I wonder how others deal with that using elastic (if any).. for example
if theoretically you have the following code in a C# app, which are being streamed into elastic.
System.Diagnostics.Trace.WriteLine("User" + UserId + " have done a deposit of " + amount)
now you want to group by log message, but you have lots of combinations of userId/ amount.
I think my example is simple:
imagine I got 3 messages inserted into a field named "sql"
- "select * from profile where userid=123456"
- "select * from profile where userid=456789"
- select * from profile where userid=1255"
now I want to count messages and get the following (hopefully terms aggregation )
"select * from profile where userid=", doc_count=3
hope it's clear
OK. I misunderstood and thought you wanted to index data based on running SQL statements.
If the data comes from logs you should look at grok and dissect filters in Logstash or possibly to use these filters in an ingest pipeline in Elasticsearch.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.