From 4c47b82f1298d4a6b2df0a91a6c85b0037883a21 Mon Sep 17 00:00:00 2001
From: Yashwant Bokadia
Date: Fri, 29 Nov 2024 00:23:31 +0530
Subject: [PATCH] updated filter
---
 diagnostics/opensearch/logstash/logstash.conf | 36 +++++++++++++------
 1 file changed, 25 insertions(+), 11 deletions(-)
diff --git a/diagnostics/opensearch/logstash/logstash.conf b/diagnostics/opensearch/logstash/logstash.conf
index 87a483a..5ecb152 100644
--- a/diagnostics/opensearch/logstash/logstash.conf
+++ b/diagnostics/opensearch/logstash/logstash.conf
@@ -5,18 +5,32 @@ input {
 }
 filter {
- json {
- source => "message"
- remove_field => ["message"]
- }
- split {
- field => "records"
- }
+ json {
+ source => "message"
+ remove_field => ["message"]
+ }
+
+ split {
+ field => "[records]"
+ }
+
+ date {
+ match => ["[records][time]", "MM/dd/yyyy HH:mm:ss"]
+ target => "@timestamp"
+ }
+
+ mutate {
+ remove_field => ["[records][time]"]
+ }
+
+ mutate {
+ remove_field => ["event.original"]
+ }
 }
 output {
- opensearch {
- hosts => ["${OPENSEARCH_HOST}:9200"]
- index => "logstash-eventhub-%{+YYYY.MM.dd}"
- }
+ opensearch {
+ hosts => ["${OPENSEARCH_HOST}:9200"]
+ index => "logstash-eventhub-%{+YYYY.MM.dd}"
+ }
 }
\ No newline at end of file
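Review bot: The last mutate's `remove_field => ["event.original"]` names a top-level field literally called `event.original`; if the intent is the nested field that ECS-compatible plugins populate, the Logstash field reference is `remove_field => ["[event][original]"]`, and as written the removal is likely a no-op. Separately, the standalone mutate drops `[records][time]` even when the date filter fails to parse it, so a malformed timestamp leaves the event with ingestion time as `@timestamp` and no source time to rebuild a timeline from; moving `remove_field => ["[records][time]"]` into the `date` block makes the removal happen only after a successful parse. The pattern `MM/dd/yyyy HH:mm:ss` carries no zone, so the date filter interprets it in the Logstash host's default zone unless `timezone` is set; if the source emits UTC (not visible in this hunk), add `timezone => "UTC"` to the `date` block.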