Appname wasn't blank and i was looking at rubydebug only. And Appname, i am trying to retrieve from given URL, so it was like that.
I tested this scenario just now and i got my result, here is update:
tested with:
mutate {
add_field => { "testrun" => "%{testrun}" }
add_field => { "critical" => "%{critical}" }
}
-
Below is console output of rubydebug: [ This created my confusion, i don't know why i am getting this output where i was expecting "testrun" = 0]
"testrun" => "%{testrun}",
"critical" => "%{critical}", -
where as elasticsearch is showing testrun as a field. [my expectation] and 0 as value