Logstash: Mutate/Add field with variable interpolation not working

pkaramol · November 7, 2018, 11:46am

The following mutate / field addition with specific value is not working

   geoip {
    default_database_type => "ASN"
    source => "dst"
   }

   mutate {
    add_field => [ "[dst_asn]", "%{geoip.asn}" ]
    # remove_field => [ "geoip" ]
   }

despite the fact the value exists:

?  dst_asn               %{geoip.asn}
#  dst_port               80
?  geoip.as_org               Amazon.com, Inc.
?  geoip.asn               16509
?  geoip.ip               54.247.167.6

Any ideas why?

pkaramol · November 7, 2018, 11:55am

Doesn't work cause this is not the way to access a nested json object...

This is:

add_field => [ "[dst_asn]", "%{[geoip][asn]}" ]

system · December 5, 2018, 11:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.