i'm having problems parse json elasticsearch logstash:
{ "type1": {}, "type2": { "id": { "param1": value1, "param2": value2, "param4": value3, "param4": value4, "param5": value5 } }, "type3": {} } i'm using logstash config:
input { http_poller { urls => { data => "http://blablah/json_data" } request_timeout => 10 interval => 15 codec => "json" } } output { elasticsearch { hosts => ["localhost:9200"] } } i want map "type" elastic "_type" value, , "id" elastic "_id" value, cant achieve that.
i've read tons of doc filters , grok , head explode.
any apreciated :)
edit: expected output
{ "_index": "logstash-16.07.21", "_type": "type2", "_id": "id", "_score": 1, "_source": { "id": { "param1": value1, "param2": value2, "param3": value3, "param4": value4, "param5": value5 }, "@version": "1", "@timestamp": "2016-07-21t16:12:29.716z" "param1": "value1", "param2": "value2", "param3": "value3", "param4": "value4", "param5": "value5" }, "fields": { "@timestamp": [ 1469117549716 ] } }
Comments
Post a Comment