Hi there,
a new log comes in, and i query my Elasticsearch Cluster to find a match with an existing document:
filter
{
if[type] == 'aaa' {
elasticsearch {
hosts => ["10.10.10.10"]
query => "SYSTNO:%{message}"
works fine, but
Now i want copy from the existing ES document (with the match SYSTNO:message) another field to the new incoming log.
fields => ["location", "newfield"]
(the fields SYSTNO and location are in the same existing document in the es-cluster)
But the the field "newfield" stays empty.?
Can somebody help me?
thx