Logstash Filter Elasticsearch - Referencing Fields

Hi,

I am a bit confused on reference some fields , for example -

fields => {
"host" => "last_logon_host"
"@timestamp" => "last_logon_time"
"event_data.LogonType" => "last_logon_type"
}

all of them work except event_data.LogonType. I've tried -
"event_data.LogonType"
[event_data][LogonType]
[event_data.LogonType]
"[event_data][LogonType]"
"[event_data.LogonType]"

Any suggestions? Thanks!

also tried with no sucess -

[event_data]LogonType
event_data[LogonType]

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.