logstash-filter-grok

Add an 'output_objects' config that builds an object for each grok performed

Open w4 opened this issue 7 years ago • 0 comments

Previous functionality grouped each field by name, meaning you lost all context about your events:

{
    "logsource": [
        "evita",
        "evita"
    ],
    "message": [
        "connect from camomile.cloud9.net[168.100.1.3]",
        "connect from steve.cloud9.net[168.100.1.4]"
    ],
    ...
}

to:

{
    "syslogs": [
        {
            "logsource": "evita",
            "message": "connect from camomile.cloud9.net[168.100.1.3]",
            ...
        },
        {
            "logsource": "evita",
            "message": "connect from steve.cloud9.net[168.100.1.4]",
            ...
        }
    ]
}

w4, Apr 15 '18 11:04
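An added illustration of the two output shapes described in the issue (not code from the plugin or from the issue author): a simplified Ruby model showing that per-field arrays lose alignment as soon as one match lacks an optional field, while per-match objects keep each event intact. The regex standing in for a grok pattern, the helper names, and the sample lines are assumptions constructed for this example.

```ruby
# Constructed sample lines (not from the issue); the second has no "[pid]".
LINES = [
  "evita postfix/smtpd[1713]: connect from camomile.cloud9.net[168.100.1.3]",
  "evita postfix/smtpd: connect from steve.cloud9.net[168.100.1.4]",
  "evita postfix/smtpd[1720]: connect from mail.example.net[192.0.2.7]",
].freeze

# Hypothetical stand-in for a syslog grok pattern; pid is optional.
PATTERN = /\A(?<logsource>\S+) (?<program>[^\[:]+)(?:\[(?<pid>\d+)\])?: (?<message>.*)\z/

# Named captures of one line as a Hash, dropping captures that did not match.
def captures(line)
  m = PATTERN.match(line) or return nil
  m.names.zip(m.captures).reject { |_, v| v.nil? }.to_h
end

# Shape 1: every captured value appended to an array keyed by field name.
def group_by_field(lines)
  lines.map { |l| captures(l) }.compact.each_with_object({}) do |caps, out|
    caps.each { |k, v| (out[k] ||= []) << v }
  end
end

# Shape 2: one object per match, all stored under a single target key.
def group_by_match(lines, target)
  { target => lines.map { |l| captures(l) }.compact }
end

# What a consumer of shape 1 has to do to get events back: join by array index.
def rebuild_by_index(grouped)
  n = grouped.values.map(&:length).max
  (0...n).map { |i| grouped.transform_values { |v| v[i] }.compact }
end

if __FILE__ == $PROGRAM_NAME
  grouped = group_by_field(LINES)
  puts "per-field arrays: #{grouped.inspect}"
  # The pid array is shorter than the others, so index 1 picks up the pid
  # that really belongs to the third line.
  puts "rebuilt event 1:  #{rebuild_by_index(grouped)[1].inspect}"
  puts "per-match event 1: #{group_by_match(LINES, 'syslogs')['syslogs'][1].inspect}"
end
```

For detection or forensic queries that correlate a process ID with a source address, the index-joined record attributes pid 1720 to the wrong connection; the per-match shape does not.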