Filter mutate add_field from nested field

Welton_Leao_Machado · February 27, 2019, 7:20pm

i'm trying to catch a nested field to add in a new field with mutate add_field

So, i have the follow data

"beat" => {
"name" => "LBR001001-172.net.mapfre.com.br",
"hostname" => "LBR001001-172.net.mapfre.com.br",
"version" => "6.6.1"
}

I want the nested field "name" or "hostname"

I tried the following way

mutate {
			add_field => { "hostname" => [beat][hostname]}
		}

and

mutate {
			add_field => { "hostname" => "[beat][hostname]"}
		}

and

mutate {
			add_field => { "hostname" => "%{beat.hostname}"}
		}

But...

I still can not get the field nested

yaauie · February 27, 2019, 7:25pm

You were super close! you'll need to use the sprintf syntax, and use a field reference to reference the specific field.

mutate {
  add_field => { "hostname" => "%{[beat][hostname]}" }
}

yaauie · February 27, 2019, 7:27pm

If you're looking to copy the field to a new location, the Mutate Filter Plugin's copy directive may be a better match.

mutate {
  copy => { "[beat][hostname]" => "hostname" }
}

Welton_Leao_Machado · February 28, 2019, 2:06pm

Must later i tried that way and i catched the field.Thanks.

system · March 28, 2019, 2:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filter mutate add_field to create a nested field Logstash	2	201	April 10, 2024
Access nested fields in mutate filter Logstash	5	22895	July 6, 2017
Mutate beats field Logstash	10	3633	March 14, 2017
Mutate rename filter not working on nested fields Logstash	3	617	December 15, 2020
Update/rename nested field Logstash	4	2918	October 2, 2019