I need to convert a field to string so it does not create multiple fields and subfields in elasticsearch.
Reason is I get logs from a source I can't control and they are in the format
data: {
23423432_23434343: { ... }
}
data: {
450546540_3450345: { ... }
}
and thousands of that
so I now have thousands of fields in kibana which basically makes it unusable
so i created in my logstash conf
if [plaindata] {
mutate {
convert => { "plaindata" => "string" }
}
}
but I still get plaindata.foo.bar.baz fields
is what I tried the correct way to handle this problem?
What I need is plaindata as a searchable field as it can contain valuable debug information