Logstah http filter merge and add and array

Hi,
I am sending my data to a http url which I want to be in the below format:

{
"action":"EventsRouter",
"method":"add_event",
"data": [ 
{ "summary": Error 123", 
 "device":"device01",
 "message":" Error 123 , Application name: App01" ,
"severity":"error", 
 "evclasskey":"SybaseDBErrorLog Check blocking",
 "evclass":"/Status/JAPI/Sybase"
 }
 ],
"type": "rpc",
 "tid":1 
}

Here's my http filter so far,

filter
{
mutate {
add_field {"summary" => "[Message]"}}
mutate {
add_field {"device" => "[host]"}}
mutate {
add_field {"message" => "[Message]" "," "[ApplicationName]"}}   #is this correct?#
mutate {
add_field {"severity" => "[Severity]"}}
mutate {
add_field {"evclasskey" =>"SybaseDBErrorLog Check blocking"}}
mutate {
add_field {"evclass"=> "/Status/JAPI/Sybase"}}

http {
  body_format => "json"
  follow_redirects => false
  body => {
    "action" =>"EventsRouter",
    "method"=>"add_event"
    "data" => %{[array]}
    "type" => "rpc"
    "tid" => 1
  }
}

I do not know how to bring all the mutated fields under the data section in the http block.
How can i do it?

Im expecting to send these in an exec block with a curl command to my url.

output {
exec
{
command => "curl -u username:'password' -k https://url.com/zdmd/Events/evconsole_router -d %{request_body}"
}
}

I cannot use the HTTP output as there is a cacert issue with it.

Please help me define this right.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.