Ingest pipeline unable to create new field from message data

pratikshatiwari · September 26, 2022, 5:57am

Hello Team,

We are trying to create an ingest pipeline using filebeat for below log pattern to create new field "elasticsearch.slowlog.took_millis="16"" from below slowlog message, but unable to find proper documentation from elastic which can help here.

elasticsearch index slow Log message as follow

[2022-09-26T05:50:17,970][WARN ][i.s.s.fetch ] [node-1] elasticsearch.slowlog.id="null" elasticsearch.slowlog.message="[indexname][0]" elasticsearch.slowlog.search_type="QUERY_THEN_FETCH" elasticsearch.slowlog.source="{}" elasticsearch.slowlog.stats="" elasticsearch.slowlog.took="16.7ms" elasticsearch.slowlog.took_millis="16" elasticsearch.slowlog.total_hits="106920 hits" elasticsearch.slowlog.total_shards="1"

Kindly suggest how i can achieve this

Regards
Pratiksha

system · October 24, 2022, 7:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ingest pipeline drops the field as @timestamp while loading Elasticsearch's server and slowlog using filebeat Beats filebeat	10	1449	October 5, 2020
Filebeat with customized config and ingest_pipeline Elastic Cloud on Kubernetes (ECK)	4	464	December 2, 2022
Filebeat pipeline for elasticsearch slowlog not indexing/parsing slowlog_took (slowlog.duration) Beats filebeat	1	424	October 22, 2020
Create new Fields to Filter by Beats filebeat	3	376	September 10, 2019
Elasticsearch Module - Slowlog field mapping Beats filebeat	2	352	January 9, 2020

Ingest pipeline unable to create new field from message data

elasticsearch index slow Log message as follow

Related topics