rodri.gz
(RGZ-ELK)
October 4, 2021, 2:24pm
1
Hello!
I want to enrich my data with the elastic filter.
I tried to keep the host.hostname fields of Metricbeat without success with this:
elasticsearch {
  hosts => "https://xxxx:9200"
  index => "metricbeat"
  query => "[host][hostname]:%{server}"
  fields => { "[host][hostname]" => "server" }
  user => "yyyyy"
  password => "xxxxx"
  ca_file => 'xxxx/elasticsearch-ca.pem'
}
I tried it with host.hostname, host, hostname, [host.hostname], etc.
How does this filter work with nested fields?
Thanks in advance!
Untested. But try this.
query => "host.hostname:%{[server]}"
fields => { "host.hostname" => "server" }
This is based off a previous filter I wrote.
filter {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "lookup"
    query => "_id:%{[kibana.saved_object.type]}\:%{[kibana.saved_object.id]}"
    fields => { "visualization.title" => "kibana.saved_object.title" }
    enable_sort => false
  }
}
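An added example, not code from either poster or from the plugin: a Python model of what this lookup amounts to on the Elasticsearch side. The query string names the nested field by its dotted path, the interpolated value is quoted so a character such as ":" is matched literally (the same concern behind the "\:" in the query above), and the value is read back out of the nested _source. The helper names, the sample hits and the failure tag are constructed for illustration.

```python
# Added example: models the lookup outside Logstash.
# Every name and all sample data here are constructed for illustration.

def quote_value(value: str) -> str:
    """Quote a value for query-string syntax; inside quotes only \\ and " need escaping."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'

def build_query(dotted_field: str, value: str) -> str:
    """Query-string syntax addresses a nested field by dotted path, e.g. host.hostname."""
    return f"{dotted_field}:{quote_value(value)}"

def ref_to_path(ref: str) -> list:
    """'[host][hostname]' -> ['host', 'hostname']; a bare name is one key (this example's choice)."""
    if ref.startswith("[") and ref.endswith("]"):
        return ref[1:-1].split("][")
    return [ref]

def extract(source: dict, ref: str):
    """Walk a nested _source along the reference; None if any level is missing."""
    node = source
    for key in ref_to_path(ref):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

# Constructed search hits, shaped like Metricbeat documents.
SAMPLE_HITS = [
    {"_source": {"agent": {"type": "metricbeat"}}},  # no host object at all
    {"_source": {"host": {"hostname": "web-01", "os": {"family": "debian"}}}},
]

def lookup(event: dict, hits: list) -> dict:
    """Enrich the event with the hostname of the first hit matching event['server']."""
    query = build_query("host.hostname", event["server"])
    for hit in hits:
        hostname = extract(hit["_source"], "[host][hostname]")
        if hostname == event["server"]:
            return {**event, "query": query, "hostname": hostname}
    return {**event, "query": query, "tags": ["_lookup_failed"]}

if __name__ == "__main__":
    print(lookup({"server": "web-01"}, SAMPLE_HITS))
    print(lookup({"server": "db-09"}, SAMPLE_HITS))
```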