Filter mutate add_field from nested field

Welton_Leao_Machado · February 27, 2019, 7:20pm

i'm trying to catch a nested field to add in a new field with mutate add_field

So, i have the follow data

"beat" => {
"name" => "LBR001001-172.net.mapfre.com.br",
"hostname" => "LBR001001-172.net.mapfre.com.br",
"version" => "6.6.1"
}

I want the nested field "name" or "hostname"

I tried the following way

mutate {
			add_field => { "hostname" => [beat][hostname]}
		}

and

mutate {
			add_field => { "hostname" => "[beat][hostname]"}
		}

and

mutate {
			add_field => { "hostname" => "%{beat.hostname}"}
		}

But...

I still can not get the field nested

yaauie · February 27, 2019, 7:25pm

You were super close! you'll need to use the sprintf syntax, and use a field reference to reference the specific field.

mutate {
  add_field => { "hostname" => "%{[beat][hostname]}" }
}

yaauie · February 27, 2019, 7:27pm

If you're looking to copy the field to a new location, the Mutate Filter Plugin's copy directive may be a better match.

mutate {
  copy => { "[beat][hostname]" => "hostname" }
}

Welton_Leao_Machado · February 28, 2019, 2:06pm

Must later i tried that way and i catched the field.Thanks.

Topic		Replies	Views
Filter mutate add_field to create a nested field Logstash	2	366	April 10, 2024
Unable to get new field with mutate filter Logstash	5	326	May 11, 2022
Put value of nested field into new field Logstash	11	5277	April 17, 2018
Issues procesing fields with mutate Logstash	3	344	August 21, 2019
Create nested field Logstash	3	3680	July 6, 2017