Store number of subfields into one field

deepsing · October 10, 2018, 10:56am

I have a field with name event.action.arguments in logs. There are the numbers of subfield under event.action.arguments.
eg:

{
	"event": {
		"action": {
			"arguments": {
				"First_argument": {
					"1st_sub": 123,
					"2nd_sub": "abc",
					"3rd_sub": "def",
					"4th_sub": "ghi",
					"5th_sub": "pqr",
					"6th_sub": "xyz"
				},
				"Second_argument": {
					"1st_sub": 123,
					"2nd_sub": "abc",
					"3rd_sub": "def",
					"4th_sub": "ghi",
					"5th_sub": "pqr",
					"6th_sub": "xyz"
				}
			}
		}
	}
}

I want to store entire content from event.action.arguments into single string in event.action.arguments_string. In this way, I will have all the arguments as one field in Elastic.

system · November 7, 2018, 11:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[RESOLVED] Is there a way to store the whole input as a subfield? Logstash	5	835	July 6, 2017
Logstash-extract multiple subfield values in multiple events Logstash	7	400	October 19, 2022
Best Way to create nested field Logstash	10	21024	July 6, 2017
Tie together events with subfields Logstash	2	1124	July 6, 2017
Logstash create and reference variables Logstash	1	257	November 4, 2020

Store number of subfields into one field

Related topics