Starting in version 7.16, this experimental functionality has been removed. You should use the journald input in Filebeat instead.
This functionality is in technical preview and may be changed or removed in a future release. Elastic will apply best effort to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
decode_csv_fields processor decodes fields containing records in
comma-separated format (CSV). It will output the values as an array of strings.
This processor is available for Filebeat and Journalbeat.
processors: - decode_csv_fields: fields: message: decoded.csv separator: "," ignore_missing: false overwrite_keys: true trim_leading_space: false fail_on_error: true
decode_csv_fields has the following settings:
- This is a mapping from the source field containing the CSV data to the destination field to which the decoded array will be written.
- (Optional) Character to be used as a column separator. The default is the comma character. For using a TAB character you must set it to "\t".
(Optional) Whether to ignore events which lack the source
field. The default is
false, which will fail processing of an event if a field is missing.
Whether the target field is overwritten if it
already exists. The default is false, which will fail
processing of an event when
Whether extra space after the separator is trimmed from
values. This works even if the separator is also a space.
The default is
(Optional) If set to true, in case of an error the changes to
the event are reverted, and the original event is returned. If set to
false, processing continues also if an error happens. Default is
Intro to Kibana
ELK for Logs & Metrics