Hello,
I want to move a whole subset of fields to another level,
Example I want to move docker.container.label.org.myorg.* to root level ?
Is there any way to do this without using :
- rename: fields: - from: "docker.container.labels.org.myorg.logindex" to: "logindex" ignore_missing: true fail_on_error: false
for every fields ?
Thanks
Hi @Lu_Do 
I'm afraid that you'll need to specify the transformation for each field you want to convert, there's not something like a prefix based multi field conversor, sorry.
Thanks @Mario_Castro, create an feature request : https://github.com/elastic/beats/issues/8669
Hope it will be pick up
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.