Hi,
Can anyone explain what add_field does?
filter { mutate { add_field => { "COLUMN2" => "%{COLUMN1}" } } }
What is the difference between the add_field option present in the mutate, clone, kv and grok plugins?
> Can anyone explain what add_field does?
It adds a field to the current event. I don't know how to explain that in any different way.
> What is the difference between the add_field option present in the mutate, clone, kv and grok plugins?
With the exception of mutate, add_field and remove_field only apply if the filter was successful (where the meaning of success depends on the filter). In other words,
filter {
  grok {
    match => ["foo", "..."]
    remove_field => ["foo"]
  }
}
is a convenient way of parsing a field with grok and deleting the original field only if the grok match was successful.
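The success-only behaviour described in the reply above, shown on a log-parsing pipeline. This is an added example, not part of the original thread; the grok pattern, the sample lines and the field names (user, src_ip, src_port, parse_status, user_copy) are assumptions made for illustration.

```logstash
# Constructed sample input (paste into stdin):
#   Jan 10 12:00:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 52211 ssh2
#   Jan 10 12:00:05 host sshd[1234]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
input { stdin { } }

filter {
  grok {
    match => { "message" => "Failed password for (invalid user )?%{USERNAME:user} from %{IP:src_ip} port %{INT:src_port}" }

    # Both options run only when the match above succeeds.
    add_field    => { "parse_status" => "ok" }
    remove_field => ["message"]

    # When the match fails (second sample line), neither option runs:
    # the event keeps its raw "message", gets no "parse_status", and is
    # tagged _grokparsefailure (the default tag_on_failure value).
  }

  # mutate is the exception named in the reply: its add_field is not tied
  # to a match. An unresolved reference is stored literally, so without
  # the guard an unparsed event would get user_copy = "%{user}".
  if [user] {
    mutate { add_field => { "user_copy" => "%{user}" } }
  }
}

output { stdout { codec => rubydebug } }
```

Because remove_field is skipped on failure, lines the pattern does not cover reach the output with their original text intact and can be found by filtering on the _grokparsefailure tag.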
Does "adds a field" mean that it is added as a new column in the ES index if the output is an Elasticsearch index?
> Does "adds a field" mean that it is added as a new column in the ES index if the output is an Elasticsearch index?
Elasticsearch has no "column" concept, but yes.