I am using filebeat-5.2, logstash-5.2 and AWS Elastic Search Service-5.1. Here I have my existing grok pattern defined in logstash:

    grok{
      match => "\[%{DAY:day} %{MONTH:month} %{MONTHDAY:monthday} %{TIME:time} %{YEAR:year}\]"
    }
    mutate {
      add_field => {
        "timestamp" => "\[%{DAY:day} %{MONTH:month} %{MONTHDAY:monthday} %{TIME:time} %{YEAR:year}\]"
      }
    }

And I am trying to define the equivalent grok processor in Ingestion API.

    PUT _ingest/pipeline/pipe_celery_log
    {
      "processors": [
        {
          "patterns": ["\\[%{DAY:day} %{MONTH:month} %{MONTHDAY:monthday} %{TIME:time} %{YEAR:year}\\]"]
    ....................

Is there any method so that I can define mutate in Ingestion API to extract the fields for my timestamp.
I am pretty new to Ingestion API here. Please help me if anyone has solved this.

The processor you are looking for is called set.
It looks like this:

    "set" : {
      "field" : "fieldname",
      "value" : "fieldvalue"
    }

You can access fields with double curly brackets:
{{fieldname}}
Check out the set processor docs here.
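
The grok pattern from the question combined with the set processor from the answer, as an added example that is not part of the original question or answer. It is the request body for POST _ingest/pipeline/_simulate, so the pipeline can be checked against a document before it is stored; the source field name "message", the description and the sample log line are assumptions constructed for illustration.

```json
{
  "pipeline": {
    "description": "constructed example: grok the bracketed date, then rebuild it with set",
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": ["\\[%{DAY:day} %{MONTH:month} %{MONTHDAY:monthday} %{TIME:time} %{YEAR:year}\\]"]
        }
      },
      {
        "set": {
          "field": "timestamp",
          "value": "{{day}} {{month}} {{monthday}} {{time}} {{year}}"
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "message": "[Mon Feb 13 10:15:32 2017] constructed sample log line"
      }
    }
  ]
}
```

Once the simulated document shows the expected timestamp field, the same processors array can be used in the PUT _ingest/pipeline/pipe_celery_log request.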