logstash-plugins / logstash-filter-grok

Grok plugin to parse unstructured (log) data into something structured.
https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
Apache License 2.0
124 stars 97 forks

Add an 'output_objects' config that builds an object for each grok performed #138

Open w4 opened 6 years ago

w4 commented 6 years ago

Previous functionality grouped each field by name, meaning you lost all context about your events:

{
    "logsource": [
        "evita",
        "evita"
    ],
    "message": [
        "connect from camomile.cloud9.net[168.100.1.3]",
        "connect from steve.cloud9.net[168.100.1.4]"
    ],
    ...
}

to:

{
    "syslogs": [
        {
            "logsource": "evita",
            "message": "connect from camomile.cloud9.net[168.100.1.3]",
            ...
        },
        {
            "logsource": "evita",
            "message": "connect from steve.cloud9.net[168.100.1.4]",
            ...
        }
    ]
}
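The two shapes described in this comment, as an added Ruby example (not code from this pull request or from the plugin). It goes one step beyond the sample above by including a match with no `pid` capture, which shows why position in the field-grouped arrays cannot be used to rebuild per-line records. The function names, the `pid` field, the third log line and passing the `syslogs` key as a parameter are assumptions made for illustration.

```ruby
# Constructed sample: captures from three grok matches within one event.
# The second match has no "pid" capture (an optional field in the pattern).
MATCHES = [
  { "logsource" => "evita", "pid" => "1713",
    "message" => "connect from camomile.cloud9.net[168.100.1.3]" },
  { "logsource" => "evita",
    "message" => "connect from steve.cloud9.net[168.100.1.4]" },
  { "logsource" => "evita", "pid" => "1720",
    "message" => "disconnect from camomile.cloud9.net[168.100.1.3]" }
].freeze

# Field-grouped shape (the first JSON above): one array per field name,
# values appended in match order. Hypothetical helper, not the plugin's code.
def group_by_field(matches)
  matches.each_with_object({}) do |captures, event|
    captures.each { |field, value| (event[field] ||= []) << value }
  end
end

# Per-match shape (the second JSON above): one object per match under a
# single key. Taking the key as a parameter is an assumption of this example.
def group_by_match(matches, key)
  { key => matches.map(&:dup) }
end

# Naive attempt to recover per-match records from the field-grouped shape by
# array index. It misattributes values as soon as any match lacks a field.
def rebuild_by_index(grouped)
  count = grouped.values.map(&:length).max || 0
  (0...count).map do |i|
    grouped.each_with_object({}) do |(field, values), record|
      record[field] = values[i] if i < values.length
    end
  end
end

grouped = group_by_field(MATCHES)
rebuilt = rebuild_by_index(grouped)
puts "grouped pid array:      #{grouped['pid'].inspect}"
puts "pid rebuilt for line 2: #{rebuilt[1]['pid'].inspect} (line 2 had no pid)"
puts "per-match line 2:       #{group_by_match(MATCHES, 'syslogs')['syslogs'][1].inspect}"
```

For detection or incident review, the misattributed `pid` in the rebuilt second record is the concrete cost of the field-grouped shape: a value from one log line ends up correlated with the source host of another.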