Base config
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
input { file { path => "/home/ols.log" start_position => "beginning" sincedb_path => "/dev/null" } } filter { json { source => "message" } date { match => [ "skapad", "ISO8601"] } } output { elasticsearch { hosts => ["http://es:9200"] index => "ols" } stdout { codec => rubydebug } } |
Remove nested field
the json looks something like this
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
{ "entitet": { "attribut": { "andrad": "2023-06-14T11:46:13.163Z", "mottagare": { "anvandare": null, "anvandarnamn": null, "region": "Väst", "roll": "CHEF", "roller": null, "org": null, "typ": "WQS", "Kod": null }, "skapad": "2023-06-14T11:46:13.163Z", "status": "SKICKAD", "tillhor": { "id": "YY_e79a0ce2_c8a1_4c11_8fa1_c963540bb962", "typ": "USER" }, "uppgift": { "beskrivning": "fixa lite ", "typ": "FRITEXT", } }, "id": "A_b3bc8420_40fa_443a_be61_ffa32668c439", "schemaVersion": 1, "typ": "UPPGIFT" }, "id": 8126, "skapad": "2023-06-14T11:46:13.358Z", "skapadAv": "Jörgen Larsson", "typ": "EventBusLogEntry" } |
with this config the field “entitet / attribut / mottagare” can be removed
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
filter { json { source => "message" } date { match => [ "skapad", "ISO8601"] } mutate { remove_field => ["[entitet][attribut][mottagare]"] } } |
Convert JSON field to string
If we would like to convert a field that is a json object into a string, we can use the ruby module to make it a string instead
|
1 2 3 4 5 6 7 8 9 10 11 |
filter { json { source => "message" } date { match => [ "skapad", "ISO8601"] } ruby { code => 'event.set("[entitet][attribut][mottagare]", event.get("[entitet][attribut][mottagare]").to_s)' } } |
The output now looks like this
|
1 |
"mottagare" => "{\"anvandare\"=>nil, \"region\"=>\"Väst\", \"anvandarnamn\"=>nil, \"roll\"=>\"CHEF\", \"roller\"=>nil, \"org\"=>nil, \"typ\"=>\"WCS\", \"Kod\"=>nil}", |
What fabulous ideas you have concerning this subject! By the way, check out my website at ZQ3 for content about Podcasting.
Hey, if you are looking for more resources, check out my website QH7 as I cover topics about Search Engine Optimization. By the way, you have impressive design and layout, plus interesting content, you deserve a high five!
What fabulous ideas you have concerning this subject! By the way, check out my website at 71N for content about Thai-Massage.
Nice post! You have written useful and practical information. Take a look at my web blog QN9 I’m sure you’ll find supplementry information about Airport Transfer you can gain new insights from.