Bad field when upload json data into elasticsearch

elk2 · April 28, 2018, 5:00pm

When I upload json data into elasticsearch some fields are dotted.

I tried to use mutate plugin to rename dotted field but without success.

filter {
  mutate {    
    rename => { "src.ip" => "src_ip" }
  }
}

magnusbaeck · April 28, 2018, 5:34pm

As documented, the notation for nested fields is [src][ip] and not src.ip.

system · May 26, 2018, 5:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Remove part of field name from json inputted fields Logstash	9	3759	July 6, 2017
Mutate rename filter not working on nested fields Logstash	3	2392	December 6, 2019
Rename nested field based on its data type Logstash	1	219	May 26, 2023
Mutate rename filter not working on nested fields Logstash	3	617	December 15, 2020
Elasticsearch mapping - cannot index a field having name starting with a dot Logstash	8	1269	February 8, 2019