Cannot translate value inside fields

BIs1 · January 31, 2020, 10:43am

Hi,

I am using logstash 7.3.1 and trying to translate value inside the field after renaming. Basically I want to use translate plugin to translate the value inside the field and populate in same field or different field. If possible don`t want to use dictionary file and point it to file location. I dont know where am I going wrong as its not translating values.

filter {
if [type] == "logs" {
grok {
match => { "message" => ["%{TIMESTAMP_ISO8601:timestamp}%{DATA:loglevel}%{SYSLOGHOST:loglevel}%{DATA:source}%{GREEDYDATA:message}"] }
}
mutate {
rename => { "[loglevel]" => "[syslog_severity]" }
}
mutate {
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}

translate {
field => "loglevel"
destination => "syslog_severity"
 dictionary => {
  "TRACE" => "DEBUG"
  "DEBUG" => "DEBUG"
  "INFO" => "INFO"
  "WARN" => "WARN"
  "ERROR" => "ERROR"
  "FATAL" => "CRITICAL"
}
  remove_field => "loglevel"

}
}
}

Badger · January 31, 2020, 3:15pm

The [loglevel] field will not exist when the translate filter executes because you have previously used mutate+rename to rename it.

BIs1 · February 12, 2020, 2:07pm

Thanks that fixed the problem.

system · March 11, 2020, 2:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Translate filter not working Logstash	2	1551	June 27, 2017
Logstash Translate filter plugin based on multilevel dictionary Logstash	1	370	August 29, 2022
Translate plugin doesn't work Logstash	6	1868	July 6, 2017
How to reference value of field in translate? Logstash	17	2052	December 11, 2019
Translate filter to match the custom values Logstash	2	982	September 18, 2017

Cannot translate value inside fields

Related Topics