Does the SQS output plugin allow me to write only select data which was filtered in my "filter" plugin?
I would like to illustrate my question with a simple example :
A) My application produces logs as follows :
2016-07-11T23:56:42.000+00:00 INFO [MySecretApp.com.Transaction.Manager]:Starting transaction for session -464410bf-37bf-475a-afc0-498e0199f008
B) I have a filter plugin which parses the log message :
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log-level} [%{DATA:class}]:%{GREEDYDATA:rest_of_message}" }
}
C) The filter Matches as follows :
{
"rest_of_message" => "Starting transaction for session -464410bf-37bf-475a-afc0-498e0199f008",
"timestamp" => "2016-07-11T23:56:42.000+00:00",
"log-level" => "INFO",
"class" => "MySecretApp.com.Transaction.Manager"
}
D) I want to send only the "rest_of_message" field to the SQS. Is this possible?