Hi everyone,
I have date on the first line of my log . The subsequent lines only contain time. I would need to prefix date to each of the subsequent lines .
Please suggest an enrichment plugin that fits my requirement. I am pararelly browsing to see if I can find something that fits me.
Regards,
Pavan
It sounds like the Aggregate plugin may do what you need.
If aggregate does not work you could resort to ruby.
Thanks in advance. I will try this out and let you know
Looks like aggregate is only for aggregating information spread across multiple events. I just want to prefix a string before every event . I will see what is available
sorry, I didn't notice your reply until now. I thought you needed to take the date from the first line, then add that to all the subsequent lines. is that not the case?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.