I have managed to get some JSON into a target field in this manner: json { source => dataMsg target => justJSON }. I do not know how to access the field data to convert certain fields to floats or integers for use in Kibana. I am posting some of the data for reference. Shown below is a redacted out from rubydebug-
"justJSON" => [
[0] {
"dst_region" => "Washington",
"file_path" => "",
"cci" => 90,
"scan_type" => "Ongoing",
"type" => "nspolicy",
"_session_begin" => 1,
"ccl" => "excellent",
"dst_longitude" => -122.1205978394,
"dst_latitude" => 47.6800994873,
snip snip snip
I have tried various combinations of formats with no success . I have pasted my last attempt.
convert => {"[justJSON][src_latitude]" => "float"}
convert => {"[justJSON][dst_latitude]" => "float"}
convert => {"[justJSON][src_longitude]" => "float"}
convert => {"[justJSON][dst_longitude]" => "float"}
The problem is that the justJSON field is an array. You'll probably want to move the subfields of [justJSON][0] into the top level. You can probably do that with a mutate filter's rename option but then you need to enumerate all fields yourself. If the list of interesting fields is dynamic you'll have to ues a ruby filter.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.