Logstash: Mutate/Add field with variable interpolation not working

pkaramol · November 7, 2018, 11:46am

The following mutate / field addition with specific value is not working

   geoip {
    default_database_type => "ASN"
    source => "dst"
   }

   mutate {
    add_field => [ "[dst_asn]", "%{geoip.asn}" ]
    # remove_field => [ "geoip" ]
   }

despite the fact the value exists:

?  dst_asn               %{geoip.asn}
#  dst_port               80
?  geoip.as_org               Amazon.com, Inc.
?  geoip.asn               16509
?  geoip.ip               54.247.167.6

Any ideas why?

pkaramol · November 7, 2018, 11:55am

Doesn't work cause this is not the way to access a nested json object...

This is:

add_field => [ "[dst_asn]", "%{[geoip][asn]}" ]

system · December 5, 2018, 11:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[SOLVED] The filter plugin mutate-convert doesn't work in 5.0 Logstash	17	8866	December 9, 2016
Logstash: mutate convert doesn't work on dynamic field name Elasticsearch	4	2421	July 5, 2017
Filter mutate add_field from nested field Logstash	4	10504	March 28, 2019
Filter mutate add_field to create a nested field Logstash	2	192	April 10, 2024
Add_field getting wrong value Logstash	5	736	February 27, 2019

Logstash: Mutate/Add field with variable interpolation not working

Related Topics