Create new json from existing json

I am getting data in this format:

{
	"a": "1",
	"b": "2"
}

I want it to changes to:

{
	data: {
		"a": "1",
		"b": "2"
	}
}

I can change it using the mutate filter:

mutate {
	 rename => {
		"[a]" => "[data][a]"
		"[b]" => "[data][b]"
	}
}

But here I have to rename each field individually.

Is there a way I can move the entire incoming message inside data field, something like:

rename => {"[entite_message]" => "[data][entire_message]"}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.