Logstah http filter merge and add and array

I am sending my data to a http url which I want to be in the below format:

"data": [ 
{ "summary": Error 123", 
 "message":" Error 123 , Application name: App01" ,
 "evclasskey":"SybaseDBErrorLog Check blocking",
"type": "rpc",

Here's my http filter so far,

mutate {
add_field {"summary" => "[Message]"}}
mutate {
add_field {"device" => "[host]"}}
mutate {
add_field {"message" => "[Message]" "," "[ApplicationName]"}}   #is this correct?#
mutate {
add_field {"severity" => "[Severity]"}}
mutate {
add_field {"evclasskey" =>"SybaseDBErrorLog Check blocking"}}
mutate {
add_field {"evclass"=> "/Status/JAPI/Sybase"}}

http {
  body_format => "json"
  follow_redirects => false
  body => {
    "action" =>"EventsRouter",
    "data" => %{[array]}
    "type" => "rpc"
    "tid" => 1

I do not know how to bring all the mutated fields under the data section in the http block.
How can i do it?

Im expecting to send these in an exec block with a curl command to my url.

output {
command => "curl -u username:'password' -k https://url.com/zdmd/Events/evconsole_router -d %{request_body}"

I cannot use the HTTP output as there is a cacert issue with it.

Please help me define this right.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.