Elasticsearch query, ~10 mins

Log management pipeline in Elasticsearch - Interactive Code Practice

Practice - 5 Tasks
Answer the questions below
Task 1: fill in blank (easy)

Complete the code to define an Elasticsearch index for logs with a timestamp field.

Elasticsearch
{
  "mappings": {
    "properties": {
      "timestamp": { "type": [1] }
    }
  }
}
Options:
A. keyword
B. text
C. date
D. integer
Common Mistakes
Using 'text' or 'keyword' type for timestamp fields.
Using 'integer' type for dates.
Task 2: fill in blank (medium)

Complete the pipeline processor to parse a JSON log message.

Elasticsearch
{
  "processors": [
    {
      "json": {
        "field": [1]
      }
    }
  ]
}
Options:
A. "timestamp"
B. "message"
C. "log"
D. "source"
Common Mistakes
Parsing the wrong field like 'timestamp' or 'source'.
Forgetting to quote the field name.
Task 3: fill in blank (hard)

Fix the error in the ingest pipeline to add a new field with a static value.

Elasticsearch
{
  "processors": [
    {
      "set": {
        "field": "log_level",
        "value": [1]
      }
    }
  ]
}
Options:
A. "INFO"
B. INFO
C. info
D. 'INFO'
Common Mistakes
Using unquoted strings causing JSON errors.
Using single quotes instead of double quotes.
Task 4: fill in blank (hard)

Fill both blanks to create a pipeline that drops logs with level 'debug'.

Elasticsearch
{
  "processors": [
    {
      "drop": {
        "if": "ctx.[1] == '[2]'"
      }
    }
  ]
}
Options:
A. log_level
B. debug
C. level
D. info
Common Mistakes
Using wrong field names like 'level'.
Checking for 'info' instead of 'debug'.
Task 5: fill in blank (hard)

Fill all three blanks to create a pipeline that renames 'host' to 'hostname', adds a tag, and removes 'temp_field'.

Elasticsearch
{
  "processors": [
    {
      "rename": {
        "field": [1],
        "target_field": [2]
      }
    },
    {
      "append": {
        "field": "tags",
        "value": [[3]]
      }
    },
    {
      "remove": {
        "field": "temp_field"
      }
    }
  ]
}
Options:
A. "host"
B. "hostname"
C. "processed"
D. "temp"
Common Mistakes
Not quoting field names and tag values.
Using wrong tag values like 'temp'.