I have a csv column hotspots, which contains multiple values with comma seprated NAME,HOTSPOTS "abc","spot1,spot2" "xyz","spot2,spot3"
In logstash filter i tried case1: is giving error
split {
field => "HOTSPOTS"
separator => ","
target => "hotspot_array"
}
case2: is sending as text field in elk
mutate {
split => { "HOTSPOTS" => "," }
add_field => { "hotspot_array" => "%{[HOTSPOTS]}" }
}
How to push hotspots to elk in array format through logstash
How about this:
filter{
csv {
separator => ","
columns => ["NAME", "HOTSPOTS"]
}
mutate {
copy => { "HOTSPOTS" => "hotspot_array" }
}
mutate {
split => {
"hotspot_array" => ","
}
}
}