Our application writes logs in JSON format so it's quite straightforward to send them to Elasticsearch using om_http module. However we need to enrich JSON logs with additional information like application name. I was searching for the solution and found that I could do the following:
Exec set_http_request_path(strftime(now(), "/test-%Y.%m/log/"));
Exec parse_json(); $Application="MyApp"; to_json();
The last line in the output specification make sure the json payload is first parsed and then generated again, enriched with a new field "Application". I wonder if this is a right approach or there are other alternatives.
Thanks in advance