Create nested field

boernd · April 13, 2016, 9:19am

Hi,

is there a better way to create a nested field than my two step approach? Did not get it to work otherwise.

mutate {
add_field => {
"riemann" => { }
"riemannstate" => "critical"
"riemannservice" => "testservice"
"riemannmetric" => "1.0"
}
}
mutate {
rename => {
"riemannstate" => "[riemann][state]"
"riemannservice" => "[riemann][service]"
"riemannmetric" => "[riemann][metric]"
}
}

magnusbaeck · April 13, 2016, 9:41am

So

mutate { 
  add_field => {
    "[riemann][state]" => "critical"
    "[riemann][service]" => "testservice"
    "[riemann][metric]" => "1.0"
  }
}

doesn't work?

boernd · April 13, 2016, 10:05am

No, unfortunately not. With this approach I get the following result (ls 2.2.2)

{
"message" => "",
"@timestamp" => "2016-04-13T10:04:53.838Z",
"host" => "virtmachine",
"service" => "service",
"metric" => "1.0",
"state" => "critical"
}

Topic		Replies	Views
Filter mutate add_field to create a nested field Logstash	2	201	April 10, 2024
Best Way to create nested field Logstash	10	21026	July 6, 2017
Filter mutate add_field from nested field Logstash	4	10548	March 28, 2019
Mutate rename filter not working on nested fields Logstash	3	617	December 15, 2020
Put value of nested field into new field Logstash	11	5146	April 17, 2018

Create nested field

Related topics