raged
May 8, 2019, 2:35pm
8
I tried this as well:
fields => { "[wmi][Win32_Computersystem][0][Model]" => zz }
But I end up with this event:
"model": null,
I have been digging into this and I found this post (I am not sure how to mutate like he mentioned, I did message him):
I am using the logstash-elasticsearch-filter to correlate events from Elasticsearch. Some of the fields that I need to return from the Elasticsearch hit are nested. I have been unable to retrieve these docs and the result is always null.
I am using Logstash 5.6.5 and ES 5.6.5.
Here is my configuration:
"fields" => {
"field.otherField.anotherField" => "p_time_gmt"
}
I have also tried:
[field][otherField][anotherField]
[field][otherField][0][anotherField]
…
Is there a limitation for Logstash using a nested array property in an Elasticsearch field property?
We are currently using version 6.4.3 of Logstash.