Work with nested fields in logstash elasticsearch filter

rodri.gz · October 4, 2021, 2:24pm

hello!

i want to enrich my data with the elastic filter .

i tried to keep de host.hostname fields of metricbeat without success with this:

elasticsearch {
    hosts => "https://xxxx:9200"
    index => "metricbeat"
    query => "[host][hostname]:%{server}"
    fields => { "[host][hostname]" => "server" }
    user => "yyyyy"
    password => "xxxxx"
    ca_file => 'xxxx/elasticsearch-ca.pem'
}

i tried it with host.hostname, host, hostname, [host.hostname], etc...

how does this filter works with nested fields?

thanks in advanced!

aaron-nimocks · October 4, 2021, 2:35pm

Untested. But try this.

    query => "host.hostname:%{[server]}"
    fields => { "host.hostname" => "server" }

This is based off previous filter I wrote.

filter {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "lookup"
    query => "_id:%{[kibana.saved_object.type]}\:%{[kibana.saved_object.id]}"
    fields => { "visualization.title" => "kibana.saved_object.title" }
    enable_sort => false
  }    
}

system · November 1, 2021, 2:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Pipeline Translate Filter Logstash	5	483	November 1, 2019
Logstash elasticsearch filter, query with nested field Logstash	2	707	August 2, 2019
Field added by Logstash Grok can't be used in Kibana filters Kibana	5	868	April 12, 2021
Mutate beats field Logstash	10	3633	March 14, 2017
Join two index ( metricbeat & business ) Logstash	3	219	October 26, 2021

Work with nested fields in logstash elasticsearch filter

Related Topics