I am trying to fetch cloudflare log data via API and want add a new field such as actor.email
in index.
My end goal is to add a new field in index having data in meaningful sentence like A user someone@email.com(actor.email) is removed from organisation
input {
http_poller {
urls => {
test2 => {
method => get
url => "https://api.cloudflare.com/client/v4/user/audit_logs"
headers => {
"X-Auth-Email" => "my@redacted.com"
"X-Auth-Key" => "API_key"
"Content-Type" => "application/json"
}
}
}
schedule => { cron => "* * * * * UTC"}
codec => "json"
}
}
filter {
split
{
field => "result"
}
mutate {
add_field => { "foo_%{somefield}" => "Hello world, from %{email}" }
}
}
output {
stdout { codec => rubydebug }
}
Here is my output where %{email }
should be populated with email address.
Can anyone help ?