Hi,
My json file has two different formats of data.
For simple visualization,
I have read the document before and heard there is "conditional" operation in logstash filter. I am wondering how do I actually map them separately based on the operation field in my json. So basically, I will treat the operation which is not "evaluateRisk" as one group and the rest as one group to do the parsing.
Please refer to the docs, which contain examples.
filter {
if [operation] == "evaluateRisk" {
# ...
} else {
# ...
}
}
Thank you so much.
May I ask one more question?
Will any property name which starts with "_" cause the conflict for ES internal mapping?(In my example, "_nestedCalls")
I don't know whether it's enforced or not (I'm not on the Elasticsearch team), but I do know that the underscore prefix is considered "reserved" for fields that carry special semantic meaning within the Elastic Stack, so it would be wise to avoid. Thankfully, we have the "rename" feature within the mutate filter plugin, which makes renaming fields pretty easy.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.