I am writing a logstash config file and a log I am receiving is giving me issues, the team sent me multiple logs merged into one eg.
message: [logitem(aaa=1, bbb=1, ccc=1), logitem(aaa=2, bbb=2, ccc=2), logitem(aaa=3, bbb=3, ccc=3)]
Would it be possible to split these log into 3 and insert them individually into elasticsearch? (3 records)
You can use a split filter to split an array into multiple events.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.