Hi,
I want to join and map a CSV content to existent logs in elasticsearch :
My CSV contain : ClientName, ClientID
My logs contain : ClientID, ClientMessage....
I wonder if it's possible to join the CSV content so that i will have logs like this en ELK :
ClientID, ClientName, ClientMessage,...
Thx
Look at the translate filter, it can use CSV files as the lookup source. NOTE: the numeric ClientID will need to be in quotes and be the first column without a CSV header.
e.g.
"10001", Needs account renewal
"12004", Overpaid $100.00 on Jun 2017 invoice
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.