As you can see, I am going to set up an Alert, and I
The field name you set is not visible.
Fields starting with iso. are not visible, and fields starting with the changed forti_ are not visible.
How can I make this field name selectable in Alert settings?
mutate {
rename => {
"iso.org.dod.internet.private.enterprises.12356.101.4.1.22.0" => "forti_fw_uptime"
"iso.org.dod.internet.private.enterprises.12356.101.4.1.3.0" => "forti_fw_use_cpu"
"iso.org.dod.internet.private.enterprises.12356.101.4.1.4.0" => "forti_fw_use_memory"
"iso.org.dod.internet.private.enterprises.12356.101.4.1.8.0" => "forti_fw_sessioncount"
}
}