SQS Output Plugin Data Mapping

Samarth_Prabhu · March 20, 2017, 11:02am

Does the SQS output plugin allow me to write only select data which was filtered in my "filter" plugin?

I would like to illustrate my question with a simple example :

A) My application produces logs as follows :
2016-07-11T23:56:42.000+00:00 INFO [MySecretApp.com.Transaction.Manager]:Starting transaction for session -464410bf-37bf-475a-afc0-498e0199f008

B) I have a filter plugin which parses the log message :
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log-level} [%{DATA:class}]:%{GREEDYDATA:rest_of_message}" }
}

C) The filter Matches as follows :
{
"rest_of_message" => "Starting transaction for session -464410bf-37bf-475a-afc0-498e0199f008",
"timestamp" => "2016-07-11T23:56:42.000+00:00",
"log-level" => "INFO",
"class" => "MySecretApp.com.Transaction.Manager"
}

D) I want to send only the "rest_of_message" field to the SQS. Is this possible?

magnusbaeck · March 21, 2017, 6:23am

No, but you can use the clone filter to clone events and trim down one of the copies and send that to the sqs output and the rest to whatever other outputs you have.

system · April 18, 2017, 6:23am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.