Hallo all togehter,
i have build a new instance with icinga-beat->logstash->elasticsearch->kibana (all with the newest version)
Everything works fine, but i have a litte problem with split one string to an array.
The variable in want to split is "check_result.output" and an sample Output in Kibana would be "c:\ - total: 59.66 Gb - used: 47.92 Gb (80%) - free 11.73 Gb (20%) ". So now i want to split these string to an array (seperator should be "-")
I build up a new logstash.conf file with this filter:
filter {
mutate{
split => ["check_result.output", "-"]
add_field => {
"event" => "%{check_result.output[0]}"
"eventSource" => "%{check_result.output[2]}"
}
}
The new fileds get generated in the Kibana Dashboard, but the values from the array are not visible, it just shows: %{check_result.output[0]}