When I upload json data into elasticsearch some fields are dotted.
I tried to use mutate plugin to rename dotted field but without success.
filter {
mutate {
rename => { "src.ip" => "src_ip" }
}
}As documented, the notation for nested fields is [src][ip] and not src.ip.
https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.