Work with nested fields in logstash elasticsearch filter

rodri.gz · October 4, 2021, 2:24pm

hello!

i want to enrich my data with the elastic filter .

i tried to keep de host.hostname fields of metricbeat without success with this:

elasticsearch {
    hosts => "https://xxxx:9200"
    index => "metricbeat"
    query => "[host][hostname]:%{server}"
    fields => { "[host][hostname]" => "server" }
    user => "yyyyy"
    password => "xxxxx"
    ca_file => 'xxxx/elasticsearch-ca.pem'
}

i tried it with host.hostname, host, hostname, [host.hostname], etc...

how does this filter works with nested fields?

thanks in advanced!

aaron-nimocks · October 4, 2021, 2:35pm

Untested. But try this.

    query => "host.hostname:%{[server]}"
    fields => { "host.hostname" => "server" }

This is based off previous filter I wrote.

filter {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "lookup"
    query => "_id:%{[kibana.saved_object.type]}\:%{[kibana.saved_object.id]}"
    fields => { "visualization.title" => "kibana.saved_object.title" }
    enable_sort => false
  }    
}

Topic		Replies	Views
Logstash elasticsearch filter, query with nested field Logstash	2	734	August 2, 2019
Getting Nested Fields Elasticsearch Filter Logstash	2	1025	March 4, 2018
Logstash - Nested fields Logstash	9	25727	October 12, 2017
Cant access fields from log using query template for Elasticsearch filter in Logstash Logstash	1	321	February 5, 2020
Nested object logstash not parsing correctlly Kibana	6	61	October 17, 2024

Work with nested fields in logstash elasticsearch filter

Related topics