@Badger i have 3 different filters configured,
filter
{
json { source => "message" }
split { field => "results" }
prune { blacklist_names => [ "command", "host", "message" ] }
}
This is my document,
"results": [
{
"IPAddress": "1.9.7.2",
"Caption": "APPV1",
"NodeID": 1,
"DNS": "appv1.global.com",
"Vendor": "Windows",
"Location": "",
"MachineType": "Windows 2016 Server",
"StatusDescription": "Node status is Up, One or more application monitors is Down, Intel(R) 82574L Gigabit Network Connection #2 · eth2 is in an Unknown state, One or more AppInsight for IIS monitors is in an Unknown state.",
"Status": 1,
"Severity": 5001,
"TotalMemory": 6.871887E+10,
"PercentMemoryUsed": 30,
"CPUCount": 25,
"CPULoad": 28,
"LastBoot": "2020-05-26T14:25:00.0000000",
"StatusLED": "Up.gif "
},
If i try to ingest 2000 documents its working, when the count goes above 2000 then its throwing error.
Thanks
Gautham