i'm trying to catch a nested field to add in a new field with mutate add_field
So, i have the follow data
"beat" => {
I want the nested field "name" or "hostname"
I tried the following way
mutate {
add_field => { "hostname" => [beat][hostname]}
}
and
mutate {
add_field => { "hostname" => "[beat][hostname]"}
}
and
mutate {
add_field => { "hostname" => "%{beat.hostname}"}
}
But...
I still can not get the field nested
1 Like
yaauie
February 27, 2019, 7:25pm
2
You were super close! you'll need to use the sprintf syntax , and use a field reference to reference the specific field.
mutate {
add_field => { "hostname" => "%{[beat][hostname]}" }
}
2 Likes
yaauie
February 27, 2019, 7:27pm
3
If you're looking to copy the field to a new location, the Mutate Filter Plugin's copy directive
mutate {
copy => { "[beat][hostname]" => "hostname" }
}
2 Likes
Must later i tried that way and i catched the field.Thanks.
system
March 28, 2019, 2:06pm
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.