Create new json from existing json

Zeeshan_Alam · October 25, 2018, 11:10am

I am getting data in this format:

{
	"a": "1",
	"b": "2"
}

I want it to changes to:

{
	data: {
		"a": "1",
		"b": "2"
	}
}

I can change it using the mutate filter:

mutate {
	 rename => {
		"[a]" => "[data][a]"
		"[b]" => "[data][b]"
	}
}

But here I have to rename each field individually.

Is there a way I can move the entire incoming message inside data field, something like:

rename => {"[entite_message]" => "[data][entire_message]"}

system · November 22, 2018, 11:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash rename json fields Logstash	7	653	March 15, 2023
Partially flatten json structure in logstash filter Logstash	4	330	October 25, 2018
Rename json nested fields using mutate Logstash	5	448	September 1, 2023
Mutate rename filter not working on nested fields Logstash	3	617	December 15, 2020
Using mutate rename Source and destination? JSON plugin question for filter Logstash	2	250	December 14, 2021