namali
September 27, 2019, 11:24am
1
two csv files are
hotel.csv
CountryCityLive.csv
taking all columns from hotel.csv and from CountryCityLive.csv only take CountryRegionCode.
translate {@metadata ][citycode]"@metadata ][citycode]" => "%{CountryRegionCode}" }}
But in data transferred in index has cityname data for CountryRegionCode.
and also following code not working if I want index with CityName and CountryRegionCode both
translate {@metadata ][citycode]"@metadata ][citycode]" => "%{CityName};%{CountryRegionCode}" }}
If the logs are coming in line-by-line, and we can be sure of the number of values each time, we could probably also just use a dissect?
Eg:
input{...}
filter {
dissect {
mapping => {
"message" => "%{citycode},%{CityName},%{CountryRegionCode},%{CountryCode}"
}
}
}
If you are definitely going to remove the other fields, and will never care about CountryRegionCode, we could also accumulate the useless fields:
input{...}
filter {
dissect {
mapping => {
"message" => "%{useless},%{+useless},%{CountryRegionCode},%{+useless}"
}
}
mutate {
remove_field => [ "useless" ]
}
}
Badger
September 27, 2019, 2:26pm
3
You don't need to accumlate them, just don't name them.
"message" => "%{},%{},%{CountryRegionCode},%{}"
1 Like
namali
September 28, 2019, 1:03pm
5
Thanks for the support, I'll try this as well
namali
September 30, 2019, 8:29am
6
tried both but given solution didn't work@metadata ][statecode]"@metadata ][statecode]" => "%{useless},%{+useless},%{CountryRegionCode},%{+useless}" }}
didn't get anything
translate {@metadata ][statecode]"
got fields as CityName and CountryRegionCode but the data are wrong from some other csv
translate {@metadata ][statecode]"@metadata ][statecode]" => "%{useless},%{CityName},%{CountryRegionCode},%{+useless}" }}
didn't get anything
system
October 28, 2019, 8:30am
7
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.