Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Elastic Stack

You're reading from   Mastering Elastic Stack Dive into data analysis with a pursuit of mastering ELK Stack on real-world scenarios.

Arrow left icon
Product type Paperback
Published in Feb 2017
Publisher Packt
ISBN-13 9781786460011
Length 526 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Ravi Kumar Gupta Ravi Kumar Gupta
Author Profile Icon Ravi Kumar Gupta
Ravi Kumar Gupta
Yuvraj Gupta Yuvraj Gupta
Author Profile Icon Yuvraj Gupta
Yuvraj Gupta
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Elastic Stack Overview FREE CHAPTER 2. Stepping into Elasticsearch 3. Exploring Logstash and Its Plugins 4. Kibana Interface 5. Using Beats 6. Elastic Stack in Action 7. Customizing Elastic Stack 8. Elasticsearch APIs 9. X-Pack: Security and Monitoring 10. X-Pack: Alerting, Graph, and Reporting 11. Best Practices 12. Case Study-Meetup

Logstash Tips and Tricks


There are a few tips related to Logstash, which are described in the following sections.

Referencing fields and Its values

In the Logstash configuration file, you can refer to a field by its name and can subsequently pass the value of a field into another field. If you want to refer to a top-level field, use the field name directly. If you want to refer to a nested field, use the [top-level field][nested field] syntax. To refer the field, Logstash uses the sprintf format, which helps us to refer to the field values.

The sprintf format is as follows:

%{[top-level field][nested field].....} 

For example:

output {   
        elasticsearch { 
                document_type => "%{@version}" 
                index => "logstash_%{type}_%{+YYYY-MM-dd-H}" 
  } 
} 

Note

The index name cannot contain the following special characters: \, /, *, ?, ", <, >, |, or ,. Also, the index name must be in lowercase only.

Adding custom-created grok...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image