Make logstash filter map field differantly based on the value

yishain11 · February 27, 2018, 2:16pm

Hi everyone!
I'm using the ELK 6 stack, and I have tranactions JSON structure like so:

[
{
  "fieldId": "PK_NEWJOURNAL",
  "fieldType": "NUMBER",
  "fieldValue": "1235543",
  "fieldChanged": "Y"
},
{
  "fieldId": "OFFICE",
  "fieldType": "CHAR",
  "fieldValue": "NULL",
  "fieldChanged": "Y"
},
{
  "fieldId": "UPDATE_DATE",
  "fieldType": "DATE",
  "fieldValue": "2017-12-07 05:09:54+03:000",
  "fieldChanged": "Y"
},
{
  "fieldId": "ENDDATE",
  "fieldType": "DATE",
  "fieldValue": "NULL",
  "fieldChanged": "Y"
},
{
  "fieldId": "USERNAME",
  "fieldType": "VARCHAR2",
  "fieldValue": "blah123",
  "fieldChanged": "Y"
},
....
]

Now, I want logstash/elasticsearch to map the "fieldValue" according to the type of "fieldType", meaning that if the fieldType in the same object is "VARCHAR2" so "fieldValue" will be saved as text, and if its "NUMBER" that it should be "number".

Can this be done?

My problem is that currently everything is saved as text, and I can't visualize anything in kibana.
Any help will be appreaciated...

magnusbaeck · February 27, 2018, 2:33pm

You'll have to use different fields. An Elasticsearch field needs to be mapped either as a number or a string (or some other data type).

system · March 27, 2018, 2:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How map datatype dynamically for fields as per input logs in elasticsearch Logstash	2	731	April 12, 2017
Changing field types Elasticsearch	9	4527	July 5, 2017
How to change the datatype of field in elastic search Logstash	9	10511	July 6, 2017
Mutate a field depending on field type Logstash	3	4604	July 6, 2017
Parsing Logstash Data Logstash	6	740	September 27, 2017

Make logstash filter map field differantly based on the value

Related topics