
Ingest processors (grok, date, rename) in Elasticsearch - Interactive Code Practice

Practice - 5 Tasks
Answer the questions below
Task 1: fill in the blank (easy)

Complete the code to define a grok processor that extracts the 'clientip' field.

Elasticsearch
{
  "grok": {
    "field": "message",
    "patterns": ["%{COMMONAPACHELOG}"],
    "[1]": "clientip"
  }
}
A. target_field
B. ignore_missing
C. pattern_definitions
D. on_failure
Hint (common mistakes):
Using 'ignore_missing' instead of 'target_field'.
Confusing 'patterns' with the output field.
Task 2: fill in the blank (medium)

Complete the code to parse the 'timestamp' field using the date processor with the correct format.

Elasticsearch
{
  "date": {
    "field": "timestamp",
    "formats": ["[1]"]
  }
}
A. dd/MMM/yyyy:HH:mm:ss Z
B. yyyy-MM-dd HH:mm:ss
C. MM-dd-yyyy HH:mm:ss
D. yyyy/MM/dd HH:mm:ss
Hint (common mistakes):
Using a format without timezone.
Using year first instead of day first.
Task 3: fill in the blank (hard)

Fix the error in the rename processor to rename 'old_field' to 'new_field'.

Elasticsearch
{
  "rename": {
    "field": "[1]",
    "target_field": "new_field"
  }
}
A. new_field
B. field_name
C. source_field
D. old_field
Hint (common mistakes):
Setting 'field' to the new name instead of the old name.
Using incorrect option names.
Task 4: fill in the blanks (hard)

Fill both blanks to create a grok processor that extracts 'user' and ignores missing fields.

Elasticsearch
{
  "grok": {
    "field": "message",
    "patterns": ["%{USERNAME:user}"],
    "[1]": true,
    "[2]": "user"
  }
}
A. ignore_missing
B. on_failure
C. target_field
D. pattern
Hint (common mistakes):
Confusing 'on_failure' with 'ignore_missing'.
Using 'pattern' instead of 'patterns'.
Task 5: fill in the blanks (hard)

Fill all three blanks to create a pipeline with grok, date, and rename processors.

Elasticsearch
{
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": ["%{COMMONAPACHELOG}"]
      }
    },
    {
      "date": {
        "field": "[1]",
        "formats": ["dd/MMM/yyyy:HH:mm:ss Z"]
      }
    },
    {
      "rename": {
        "field": "[2]",
        "target_field": "[3]"
      }
    }
  ]
}
A. timestamp
B. clientip
C. ip_address
D. source_ip
Hint (common mistakes):
Using wrong field names in date or rename processors.
Mixing up source and target fields.