Reputation: 1254
Logstash: create new event in filter
When filtering events in logstash (20+ attributes) i would like to create new event which would have one parameter from original event and store it into other ElastiSearch index.
I know this is possible using clone filter plugin. But i don't want to manually remove all attributes from original events except the one I need.
Also i could just clone that event (i'm will store new event in separate elasticsearch index) but that will duplicate unneeded attributes.
Is there any filter plugin for this purpose? Or some hidden feature? Or maybe clone filter plugin handles removal of all attributes from cloned messages?
Upvotes: 1
Views: 927
Answers (1)
Reputation: 1
ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch.
http://elastalert.readthedocs.io/en/latest/elastalert.html
Upvotes: 0
Related Questions
- Logstash: Could not index event to Elasticsearch
- Logstash with Elasticsearch
- add date ingested to Logstash event
- elasticsearch filter not working in logstash
- using elasticsearch filter in logstash pipeline
- Sending logstash logs directly to elasticsearch
- ELK: Merge multiple events into one
- Change date on event created by Elapsed or Aggregate filters
- Logstash to output events in Elasticsearch bulk API data format
- Remove an event field and reference it in Logstash