Brian KITHEN
Reputation: 11
Creating Index based on another field in logstash
this question was asked 3 months ago. One of the answers helped me but doesn't solve evey issues.
I am new to ELK and I have an issue to build the index based on another field.
Alain Collins solution (see link) is pretty good: I could format the index as I wanted but the send_to field appears in the output and the field cannot be removed. send_to acts as a temporary variable used in the index. Is there any way to not output the send_to field ?
Upvotes: 1
Views: 533
Answers (1)
Alain Collins
Reputation: 16362
Sure - use a relatively new feature called metadata.
Put the value in a field like [@metadata][send_to], which you can then refer to in the output stanza. metadata fields aren't sent to elasticsearch, so they won't "pollute" your documents.
Upvotes: 1
Related Questions
- Custom grok patterns - matching multiple patterns
- Logstash grok filter apache pattern
- Create a field by message logstash
- How to pull specific data from log using logstash and Grok and index as fields in Kibana for every record?
- logstash grok filter pattern
- Grok filter for logstash to match a specific value from a log file
- Custom GROK filter - Logstash -> Elasticsearch
- Logstash define field within a field
- grok filter for log pattern
- Logstash Indexing