Hello, i'm using http filter to do api call to a rest api server. The data returned is json. it looks like this example:
{
a:{
b:{
c:{}
d:{}
e:{}
}
}
}
I want to prevent logstash from inputing c, d, and e to the elasticsearch field, so the field in elasticsearch will be a and a.b, with a.b field containing value of c,d,e. Any suggestion on how to do this?
the key is automatically mapped to a field in elasticsearch using dynamic mapping. What i want is the dynamic mapping to stop at field [a][b], and let the value of [a][b] to c,d,e, so it doesnt map [a][b][c], [a][b][d], [a][b][e] to a field. Can i do this at logstash level, or should i edit in the elasticsearch template?
i found the solution to what i want, although i found another problem. basically i want to make c,d,e not indexed as field column. So i use json_encode filter on field [a][b] to target field [a][x] and remove [a][b].
my json_encode:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.