Cannot translate value inside fields

BIs1 · January 31, 2020, 10:43am

Hi,

I am using logstash 7.3.1 and trying to translate value inside the field after renaming. Basically I want to use translate plugin to translate the value inside the field and populate in same field or different field. If possible don`t want to use dictionary file and point it to file location. I dont know where am I going wrong as its not translating values.

filter {
if [type] == "logs" {
grok {
match => { "message" => ["%{TIMESTAMP_ISO8601:timestamp}%{DATA:loglevel}%{SYSLOGHOST:loglevel}%{DATA:source}%{GREEDYDATA:message}"] }
}
mutate {
rename => { "[loglevel]" => "[syslog_severity]" }
}
mutate {
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}

translate {
field => "loglevel"
destination => "syslog_severity"
 dictionary => {
  "TRACE" => "DEBUG"
  "DEBUG" => "DEBUG"
  "INFO" => "INFO"
  "WARN" => "WARN"
  "ERROR" => "ERROR"
  "FATAL" => "CRITICAL"
}
  remove_field => "loglevel"

}
}
}

Badger · January 31, 2020, 3:15pm

The [loglevel] field will not exist when the translate filter executes because you have previously used mutate+rename to rename it.

BIs1 · February 12, 2020, 2:07pm

Thanks that fixed the problem.

system · March 11, 2020, 2:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Translate plugin: translate array values/use tag instead of field/use wildcard/regex in field Logstash	3	1137	July 6, 2017
Translate filter not working Logstash	2	1551	June 27, 2017
Logstash Translate filter plugin based on multilevel dictionary Logstash	1	371	August 29, 2022
Translate filter not working properly Logstash	3	1154	February 19, 2018
Change field value within to another value Logstash	6	787	July 24, 2018

Cannot translate value inside fields

Related topics