Ingest pipeline unable to create new field from message data

pratikshatiwari · September 26, 2022, 5:57am

Hello Team,

We are trying to create an ingest pipeline using filebeat for below log pattern to create new field "elasticsearch.slowlog.took_millis="16"" from below slowlog message, but unable to find proper documentation from elastic which can help here.

elasticsearch index slow Log message as follow

[2022-09-26T05:50:17,970][WARN ][i.s.s.fetch ] [node-1] elasticsearch.slowlog.id="null" elasticsearch.slowlog.message="[indexname][0]" elasticsearch.slowlog.search_type="QUERY_THEN_FETCH" elasticsearch.slowlog.source="{}" elasticsearch.slowlog.stats="" elasticsearch.slowlog.took="16.7ms" elasticsearch.slowlog.took_millis="16" elasticsearch.slowlog.total_hits="106920 hits" elasticsearch.slowlog.total_shards="1"

Kindly suggest how i can achieve this

Regards
Pratiksha

system · October 24, 2022, 7:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.