Filter not working when something has a period in it's name

So I need to write a filter that changes all the periods in field names to underscores. I amusing mutate, and I can do some things and not other things. For reference here is my current output in Kibana.

See those fields that say "packet.event-id" and so forth? I need to rename all of those. Here is my filter that I wrote and I do not know why it doesn't work

The problem is that I CAN add a field, and the renaming of "offset" WORKS. But when I try and do the packet one nothing changes. I feel like this should be simple and I am very confused as to why only the one with a period in it doesn't work.

I have refreshed the index in Kibana, and still nothing changes. Anyone have a solution?

Why not just use the de_dot filter?

The documentation says that it is expensive, and has to copy each field's data to a whole new reference.

"It should only be used if no other options are available."

Logstash also seems to be ignoring that these fields that start with "packet" are even there. The reason I say that is because I did this:

mutate {
 add_field => {
"my_packet_event_id" => "%{packet.event-id}"
} 

and it did not work either. The field was added but the value was literally a strring that said

    %{packet.event-id}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.