Logstash get field from elasticsearch message

faoc · January 5, 2018, 6:34pm

Hi,

I have this message on ElasticSearch
{
"_index": "audit_201712",
"_type": "ccc",
"_id": "AWAsoVnydQqBAYNwSrNi",
"_score": null,
"_source": {
"resourceType": "AuditEvent",
"id": "4306b213-65a2-4ae1-b7e6-d1221fac321a",
"type": {
"system": "http://hl7.org/fhir/audit-event-type",
"code": "rest",
"display": "RESTful Operation"
},
"outcome": "2",
"outcomeDesc": "Accepted",
"agent": [
{
"name":"test"
"role": [
{
"coding": [
{
"system": "http://hl7.org/fhir/v3/ParticipationType",
"code": "AUT",
"display": "author (originator)"
}
]
}
]
]
}

Im using logstash to get data from ElasticSearch and save data (using logstash-output-jdbc) on mysql.
How can i, using logstash, get for example the field in _source.outcome or _source.agent[0].name?

magnusbaeck · January 6, 2018, 4:35pm

If you use an elasticsearch input the whole contents of _source will be available to filters and outputs. Without specifics on what you want to do I can't give a more specific answer.

faoc · January 6, 2018, 7:30pm

thank you.
i just want get the value of specific fields to add them on mysql insert statement... but I was not getting the value of the fields, because i didnt know the syntax ...

magnusbaeck · January 6, 2018, 9:05pm

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references

faoc · January 8, 2018, 9:35am

thank you...
i'm gonna try this

system · February 5, 2018, 9:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.