Hi,
I am trying to clone and aggregate, but I can't see any cloned or aggregated logs.
input {
beats {
port => 5044
}
}
filter {
json{
source => "message"
}
clone {
clones => ["clone"]
}
if [type] == "clone" {
aggregate {
task_id => "%{transactionId}"
code => "map['eventTimestamp'] = 0"
push_map_as_event_on_timeout => true
timeout => 10
}
}
}
output {
elasticsearch {
hosts => ["192.168.1.116:9200"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
can someone see the problem?
In the logstash logs I am getting that the aggregation is success but I can't see any log from the kibana that fits the aggregation