vtst2412
November 21, 2015, 7:58pm
8
I'm trying to do something similar to this:
pipe the content of "message" to a new field "raw"
Add new fields by accessing the nested content inside of the original raw data
The fat lady sings?
Not quite. rubydebug output looks fine, but when I switch over to ES output, the fields do not resolve as expected.
input {
file {
type => "json"
path => "/home/user/json/test.json"
#codec => json
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
json {
source => "message"
target => "raw"
add_field => {
"Name" => "%{[raw][0][content][0][data][Name]}"
"Issues" => "%{[raw][0][content][0][data][Issues]}"
"Serial" => "%{[raw][0][content][0][data][Serial]}"
"Model" => "%{[raw][0][content][0][data][Model]}"
"…
Did you encounter this problem?