Using a variable from data to create/select indexes


(Matthew King) #1

Hello, I am using the ELK stack to parse and index log files and am currently trying to configure the way the data is indexed.

I currently have a piece of code that looks like this:
(the spacing has been reformatted to fit the message)

curl -XPUT 'URL' -d '{
  "trigger" : { "schedule" : { "interval" : "10s" } },
  "input" : {
    "search" : {
      "request" : {
        "indices" : [ "edge2016" ],
        "body" : {
          "query" : {
            "bool" : {
              "must" : [
                { "match" : { "message" : "ORA600" } }
              ]
            }
          }
        }
      }
    }
  },
  "condition" : {
    "compare" : { "ctx.payload.hits.total" : { "gt" : 0 } }
  },
  "actions" : {
    "index_payload" : {
      "index" : {
        "index" : "HARD CODED CUSTOMER NAME",
        "doc_type" : "my-type"
      }
    }
  }
}'

I would like to be able to use a variable from the data to set the index.
So it would look something like this:
"index" : {
"index" : "variable from data field $CustomerName",
}

Is this at all possible?


Many Thanks,

Matt

