elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Grok Debugger - support for nested fields #110275

Open Dacesilian opened 3 years ago

Dacesilian commented 3 years ago

Describe the feature: Grok Debugger converts nested fields with dots. But logstash doesn't support dots and requires [nested][field] notation. Debugger should support this notation as well. Consequence is that you see structured data as you want, but logstash produces "one.field" and not "nested": {"field"...}

Describe a specific use case for the feature:

This custom pattern: NFTABLES \[%{DATA}\] +\[%{DATA:[syslog][program]}\] +%{DATA:nftables.action}: produces:

{
  "nftables": {
    "action": "Inbound Denied"
  },
  "[syslog][program]": "nftables"
}

But it should produce "syslog": {"program": "nftables"....}. Thanks.
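As an added illustration (not code from this issue, from Kibana or from Logstash), here is a small Python grok matcher that turns both field-reference styles into a nested event. It ships with a constructed three-entry pattern library (the real Logstash library is far larger) that includes the NFTABLES pattern quoted above, and a constructed sample log line. With `bracket_notation=True` the `[syslog][program]` reference is nested the same way `nftables.action` is, which is the behaviour the report asks for; with `bracket_notation=False` it is kept as one literal key, which reproduces the flat `"[syslog][program]"` output shown above. A malformed bracket reference is rejected rather than silently turned into a flat key.

```python
import re

# Constructed subset of a grok pattern library; the real Logstash library is much larger.
# NFTABLES is the custom pattern quoted in the issue above.
PATTERNS = {
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "NFTABLES": r"\[%{DATA}\] +\[%{DATA:[syslog][program]}\] +%{DATA:nftables.action}:",
}

# %{NAME} or %{NAME:field}; the field may be dotted (a.b) or bracketed ([a][b])
GROK_SYNTAX = re.compile(r"%\{(\w+)(?::([^}]+))?\}")
BRACKET_SEGMENT = re.compile(r"\[([^\[\]]+)\]")


def compile_grok(pattern, patterns=PATTERNS):
    """Translate a grok pattern into a Python regex.

    Returns (compiled_regex, {group_name: field_reference}). Field references
    cannot be used as regex group names directly (dots and brackets are not
    allowed there), so each capture gets a synthetic name g0, g1, ... and the
    original reference is kept in a side table.
    """
    group_fields = {}

    def expand(text):
        def repl(m):
            name, field = m.group(1), m.group(2)
            if name not in patterns:
                raise KeyError(f"unknown grok pattern {name}")
            body = expand(patterns[name])  # patterns may reference other patterns
            if field is None:
                return f"(?:{body})"
            group = f"g{len(group_fields)}"
            group_fields[group] = field
            return f"(?P<{group}>{body})"
        return GROK_SYNTAX.sub(repl, text)

    return re.compile(expand(pattern)), group_fields


def field_path(field, bracket_notation=True):
    """Split a field reference into the key path of the event document.

    '[syslog][program]' -> ['syslog', 'program']   (Logstash reference syntax)
    'nftables.action'   -> ['nftables', 'action']  (what the Grok Debugger nests)
    With bracket_notation=False the bracketed form is left as one literal key,
    which reproduces the flat '[syslog][program]' key reported in the issue.
    """
    if field.startswith("[") and bracket_notation:
        parts = BRACKET_SEGMENT.findall(field)
        if "".join(f"[{p}]" for p in parts) != field:
            raise ValueError(f"malformed field reference: {field!r}")
        return parts
    if field.startswith("["):
        return [field]
    return field.split(".")


def set_path(doc, path, value):
    """Assign value at the nested key path, creating intermediate objects."""
    node = doc
    for key in path[:-1]:
        node = node.setdefault(key, {})
        if not isinstance(node, dict):
            raise ValueError(f"field {key!r} already holds a scalar")
    node[path[-1]] = value


def grok_match(pattern, line, bracket_notation=True):
    """Match one log line and return the structured event, or None."""
    regex, group_fields = compile_grok(pattern)
    m = regex.search(line)
    if m is None:
        return None
    doc = {}
    for group, field in group_fields.items():
        set_path(doc, field_path(field, bracket_notation), m.group(group))
    return doc


# Constructed sample line in the shape the NFTABLES pattern expects
SAMPLE_LINE = "[1234.5678] [nftables] Inbound Denied: IN=eth0 SRC=192.0.2.10 DST=192.0.2.20"

if __name__ == "__main__":
    print(grok_match("%{NFTABLES}", SAMPLE_LINE))
    print(grok_match("%{NFTABLES}", SAMPLE_LINE, bracket_notation=False))
```

Running the module prints the nested event first (`syslog.program` and `nftables.action` both as objects) and then the flat variant with the literal `[syslog][program]` key. The side table of synthetic group names is what lets a single matcher accept either notation without the regex engine ever seeing dots or brackets in a group name.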

elasticmachine commented 3 years ago

Pinging @elastic/kibana-stack-management (Team:Stack Management)

elasticmachine commented 2 weeks ago

Pinging @elastic/kibana-management (Team:Kibana Management)