Assume that there is a field like:
Cmd=FolderSync&User=ABC&DeviceId=androidc737881212&DeviceType=Android&Log=V141
I can use mutate to split the field into an array.
it will just like ['Cmd=FolderSync....]
But I want to convert the array to a json-like object like:
{
“Cmd”: "FolderSync",
...
}
Or convert to fileds.
Is there any way can do this?
Use a kv filter. Its documentation contains an example of exactly what you want to do.
If kv conflicts with grok? Because I am trying to use grok parse the log. And then addressing the query field to jsonify.
If kv conflicts with grok?
It's not clear what you mean by this. Please give an example.
I have tried, it works. Thanks.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.