yoav.str
Reputation: 1542
logstash filter how to create two (or above ) outputs for the one input
I am getting via http poller one json
{
"id":12345
"name":"",
"lastname":"",
"age":12,
"address":{"city":"XXXX" , "street":"ZZZZ" }
}
and I would like this to generate two document in my output :
person :
{
"id":12345
"name":"",
"lastname":"",
"age":12
}
address :
{
"city":"XXXX" ,
"street":"ZZZZ"
}
meaning I got one event in the input
in the input phase getting one input :
input {
http_poller {
urls => {
test1 => "http://localhost:8080"
}
}
in the filter phase I would like to :
- create person event (tag it as P)
- create address event (tag it as A)
in the output phase I would like to :
- send P to P type in ES
- send A to A type in ES
Upvotes: 5
Views: 1148
Answers (1)
Val
Reputation: 217284
You can achieve that with the clone filter.
First, you need to install the plugin which is not bundled by default:
bin/logstash-plugin install logstash-filter-clone
Then you can modify your Logstash config like this:
input {
http_poller {
urls => {
test1 => "http://localhost:8080"
}
type => "A"
}
}
filter {
clone {
clones => [ "P" ]
add_tag => [ "P" ]
}
if [type] == "P" {
mutate {
remove_field => [ "address" ]
}
} else {
mutate {
add_tag => [ "A" ]
remove_field => [ "id", "name", "lastname", "age" ]
}
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
document_type => "%{type}"
}
}
Upvotes: 4
Related Questions
- Logstash - specify more than one pipeline
- Two outputs in logstash. One for certain aggregations only
- Sending Logstash Input to Multiple Outputs
- Logstash split filter
- Config logstash: multiple input
- logstash elastic search output configuration based on inputs
- Combining log entries with logstash
- Logstash single input and multiple output
- Logstash: Merge two logs into one output document
- Make logstash add different inputs to different indices