Hi,
I'm trying to replace a string value (process status that has values like running or stopped) but i'm failing. I only want to update "running" as an 1 and "stopped" as a 0.
I've testing with filters like:
filter {
if [system.process.state] == "stopped" {
mutate { replace => { "system.process.state" => "0" } }
}
}
But always still viewing the string value running or stopped
thanks,
Do you really have periods in your fieldname, or should that be [system][process][state]?
I'm reading de document finally inserted on elasticsearch, is a json that has this syntax:
{
"_index": "metricbeat-6.5.4-2019.11.26",
"_type": "doc",
"_id": "T5UNp24BtRui5WSZ1hDF",
"_score": 1,
"_source": {
"@timestamp": "2019-11-26T09:32:11.390Z",
"meta": {
"cloud": {
"instance_name": "redis",
"project_id": "production",
"provider": "gce"
}
},
"metricset": {
"rtt": 39421,
"name": "process",
"module": "system"
},
"system": {
"process": {
"username": "redis",
"cwd": "/var/lib/redis",
"ppid": 1,
"pgid": 16714,
"state": "sleeping",
"memory": {
"share": 2695168,
"size": 1971220480,
"rss": {
"bytes": 1112805376,
"pct": 0.1418
}
}
}
},
"beat": {
"hostname": "redis",
"version": "6.5.4",
"name": "redis"
},
"host": {
"architecture": "x86_64",
"os": {
"family": "debian",
"codename": "stretch",
"platform": "debian",
"version": "9 (stretch)"
},
"id": "12ed2528bcc2bad5d928af1067fb84dc",
"containerized": false,
"name": "redis"
}
}
}
And i want to replace the system.process.state that could be running, stopped, etc to an integer value. But i don't know if i have to specifi the [_source] nor if I have to put the syntax [_source] [system] [process] [state] OR system.process.state
It is a nested field, so you should use [system] [process] [state] in logstash.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.