Jdbc_static filter parsing issue

Eswar_Kumar_Musiboin · June 26, 2018, 11:34am

my configuration file is

input {
  generator {
lines => [
  '{"from_ip": "10.2.3.20", "app": "foobar", "amount": 32.95}',
  '{"from_ip": "10.2.3.30", "app": "barfoo", "amount": 82.95}',
  '{"from_ip": "10.2.3.40", "app": "bazfoo", "amount": 22.95}'
]
count => 200
  }
}

filter {
  json {
source => "message"
  }

  jdbc_static {
loaders => [
  {
    id => "servers"
    query => "select ip, descr from local_ips order by ip"
    local_table => "servers"
  }
]
local_db_objects => [
  {
    name => "servers"
    index_columns => ["ip"]
    columns => [
      ["ip", "varchar(15)"],
      ["descr", "varchar(255)"]
    ]
  }
]
local_lookups => [
  {
    query => "select descr as description from servers WHERE ip = :ip"
    parameters => {ip => "[from_ip]"}
    target => "server"
  }
]
jdbc_driver_library => "C:\Users\TCML\Desktop\keycloak - iac\postgresql-9.4-1202.jdbc4.jar"
jdbc_driver_class => "org.postgresql.Driver"
jdbc_connection_string => "jdbc:postgresql://localhost:5432/example"
jdbc_user => "postgres"
jdbc_password => "root"
  }
}

output {
  stdout {
codec => rubydebug {metadata => true}
  }
}

and am getting output as

{
           "app" => "foobar",
      "sequence" => 199,
        "server" => [],
        "amount" => 32.95,
    "@timestamp" => 2018-06-26T11:30:35.650Z,
      "@version" => "1",
          "host" => "Eshwar",
       "message" => "{\"from_ip\": \"10.2.3.20\", \"app\": \"foobar\", \"amount\": 32.95}",
       "from_ip" => "10.2.3.20"
}
{
           "app" => "barfoo",
      "sequence" => 199,
        "server" => [],
        "amount" => 82.95,
    "@timestamp" => 2018-06-26T11:30:35.650Z,
      "@version" => "1",
          "host" => "Eshwar",
       "message" => "{\"from_ip\": \"10.2.3.30\", \"app\": \"barfoo\", \"amount\": 82.95}",
       "from_ip" => "10.2.3.30"
}
{
           "app" => "bazfoo",
      "sequence" => 199,
        "server" => [],
        "amount" => 22.95,
    "@timestamp" => 2018-06-26T11:30:35.650Z,
      "@version" => "1",
          "host" => "Eshwar",
       "message" => "{\"from_ip\": \"10.2.3.40\", \"app\": \"bazfoo\", \"amount\": 22.95}",
       "from_ip" => "10.2.3.40"
}

expected ouput is

{
           "app" => "bazfoo",
      "sequence" => 0,
        "server" => [
        [0] {
            "description" => "Payroll Server"
        }
    ],
        "amount" => 22.95,
    "@timestamp" => 2017-11-30T18:08:15.694Z,
      "@version" => "1",
          "host" => "Elastics-MacBook-Pro.local",
       "message" => "{\"from_ip\": \"10.2.3.40\", \"app\": \"bazfoo\", \"amount\": 22.95}",
       "from_ip" => "10.2.3.40"
}

and i am not getting the output in the server field

system · July 24, 2018, 11:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.