I'm attempting to use the metrics filter to parse incoming logs, and to dispatch the results to influxdb using the Logstash output for Influx. The influx plugin requires a hard coded list of data points to send to InfluxDB, but since I'm extracting values from incoming logs (for example HTTP status codes) I don't know what the field names will be.
Has anyone had any success configuring the influx output to work with metrics of this form? I've tried using use_event_fields_for_data_points but this doesn't appear to work properly, since the data is not a string => string hash, but rather a string => hash:
{ "@version" => "1", "@timestamp" => "2016-06-01T16:32:06.390Z", "message" => "ip-10-0-28-93", "200" => { "count" => 2, "rate_1m" => 0.0, "rate_5m" => 0.0, "rate_15m" => 0.0 }, "400" => { "count" => 2, "rate_1m" => 0.0, "rate_5m" => 0.0, "rate_15m" => 0.0 }, "tags" => [ [0] "metric" ] }
The data_points field in the influx output would need to be in the form of {"200"=>2, "400"=>2} (if we use only the count of events and ignore the rate values)