Menu
I am getting via http poller one json
{
"id":12345
"name":"",
"lastname":"",
"age":12,
"address":{"city":"XXXX" , "street":"ZZZZ" }
}
and I would like this to generate two document in my output :
person :
{
"id":12345
"name":"",
"lastname":"",
"age":12
}
address :
{
"city":"XXXX" ,
"street":"ZZZZ"
}
meaning I got one event in the input
in the input phase getting one input :
input {
http_poller {
urls => {
test1 => "http://localhost:8080"
}
}
in the filter phase I would like to :
in the output phase I would like to :
260
Using Logstash multiple outputs Furthermore, we can forward the filtered data of Logstash either to a single output destination or multiple outputs by filtering the inputs in a specific manner, resulting in the outputs being distributed to that particular stream for each of the inputs received.
Only use input once.
The mutate filter allows you to perform general mutations on fields. You can rename, replace, and modify fields in your events.
You can achieve that with the clone filter.
First, you need to install the plugin which is not bundled by default:
bin/logstash-plugin install logstash-filter-clone
Then you can modify your Logstash config like this:
input {
http_poller {
urls => {
test1 => "http://localhost:8080"
}
type => "A"
}
}
filter {
clone {
clones => [ "P" ]
add_tag => [ "P" ]
}
if [type] == "P" {
mutate {
remove_field => [ "address" ]
}
} else {
mutate {
add_tag => [ "A" ]
remove_field => [ "id", "name", "lastname", "age" ]
}
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
document_type => "%{type}"
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
