Hi,
I am sending my data to an HTTP URL, which I want to be in the below format:

    {
      "action": "EventsRouter",
      "method": "add_event",
      "data": [
        {
          "summary": "Error 123",
          "device": "device01",
          "message": " Error 123 , Application name: App01",
          "severity": "error",
          "evclasskey": "SybaseDBErrorLog Check blocking",
          "evclass": "/Status/JAPI/Sybase"
        }
      ],
      "type": "rpc",
      "tid": 1
    }

Here's my http filter so far,

    filter {
      mutate { add_field {"summary" => "[Message]"}}
      mutate { add_field {"device" => "[host]"}}
      mutate { add_field {"message" => "[Message]" "," "[ApplicationName]"}} #is this correct?#
      mutate { add_field {"severity" => "[Severity]"}}
      mutate { add_field {"evclasskey" =>"SybaseDBErrorLog Check blocking"}}
      mutate { add_field {"evclass"=> "/Status/JAPI/Sybase"}}
      http {
        body_format => "json"
        follow_redirects => false
        body => {
          "action" =>"EventsRouter",
          "method"=>"add_event"
          "data" => %{[array]}
          "type" => "rpc"
          "tid" => 1
        }
      }

I do not know how to bring all the mutated fields under the data section in the http block.
How can I do it?
I'm expecting to send these in an exec block with a curl command to my URL.

    output {
      exec {
        command => "curl -u username:'password' -k https://url.com/zdmd/Events/evconsole_router -d %{request_body}"
      }
    }

I cannot use the HTTP output as there is a cacert issue with it.
Please help me define this right.
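
The following Ruby is an added example, not part of the original post and not Logstash's own code: it builds the request body in the format shown above from a parsed event, and a curl argument vector that reads that body from stdin, so log text is never part of the command line. The event keys, the `SAMPLE` event and the CA file path are assumptions; authentication is left out.

```ruby
require "json"
require "shellwords"

# Build the JSON-RPC body in the post's target format from a parsed event
# (assumed keys: Message, host, ApplicationName, Severity).
def build_request_body(event)
  msg = event.fetch("Message")
  data = {
    "summary"    => msg,
    "device"     => event.fetch("host"),
    "message"    => "#{msg} , Application name: #{event.fetch('ApplicationName')}",
    "severity"   => event.fetch("Severity"),
    "evclasskey" => "SybaseDBErrorLog Check blocking",
    "evclass"    => "/Status/JAPI/Sybase"
  }
  JSON.generate({ "action" => "EventsRouter", "method" => "add_event",
                  "data" => [data], "type" => "rpc", "tid" => 1 })
end

# curl argument vector: the body is read from stdin (--data-binary @-), so
# event text stays out of the command line; --cacert (placeholder path) keeps
# certificate verification on instead of -k.
def curl_argv(url, ca_file)
  ["curl", "--silent", "--fail", "--cacert", ca_file,
   "-H", "Content-Type: application/json",
   "--data-binary", "@-", url]
end

# If a single shell string is unavoidable, quote the body as exactly one word.
def shell_command(url, ca_file, body)
  "printf %s #{Shellwords.escape(body)} | #{Shellwords.join(curl_argv(url, ca_file))}"
end

# Constructed sample event; the message carries quotes and shell metacharacters.
SAMPLE = {
  "Message" => "Error 123 \"blocked\"; see $HOME",
  "host" => "device01", "ApplicationName" => "App01", "Severity" => "error"
}.freeze

if __FILE__ == $PROGRAM_NAME
  body = build_request_body(SAMPLE)
  puts body
  puts shell_command("https://url.com/zdmd/Events/evconsole_router", "/path/to/ca.pem", body)
end
```

Because the body comes from `JSON.generate`, quotes inside the log message are escaped in the JSON, and `Shellwords.escape` keeps the whole body a single shell word.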