Hi Guys,
Since I didn't find anything helpful on the net, I need to ask here:
Is it possible to do the Mapping of fields directly in the Logstash Pipeline - either in the Input or in the Filter section?
As I do have a couple fields to populate, I want to make sure they're correctly mapped.
I'm looking to achieve something like that:
input {
  syslog {
    port => 1514
  }
}
filter {
  mappings => {
    "MWG_ClientIP" => "ip"
    "MWG_RequestMethod" => "text"
    "MWG_BytesFromServer" => "long"
    "MWG_BytesFromClient" => "long"
    "MWG_URL" => "wildcard"
  }
}
output {}
This is just a sample of what I'm trying to achieve, and I also removed a couple things, which aren't really that important for that question.
If I cannot do the Mapping directly in one step while processing the Data, I guess the only other two Options I have left are:
-) Create the Mapping within the DevTools before creating the Index itself
or
-) Create an Index Template and do the mapping there, right?
Any help/input is highly appreciated.