Logstash mutate and translate the same field

Hello,

I would like to do a service translation like this:
21/tcp => ftp
80/tcp => http

But the translation doesn't work.

So, my services.yaml file is like this:
"1/tcp": "tcpmux"
"1/udp": "tcpmux"
"5/tcp": "rje"
"5/udp": "rje"
"7/tcp": "echo"
"7/udp": "echo"
"9/tcp": "discard "
"9/udp": "discard"
"11/tcp": "systat"
"11/udp": "systat"
"13/tcp": "daytime"
.....

And my Logstash configuration:

    filter {
        mutate {
            add_field => {"application_name" => "%{[netflow][l4_dst_port]}/%{protocol_name}"}
            convert => {"application_name" => "string"}
        }

        translate {
            field => "application_name"
            destination => "application_name"
            dictionary_path => "/opt/logstash/conf/services.yaml"
        }
    }

If you output your events to stdout using the stdout output plugin and the rubydebug codec, what do they look like?

It's resolved now:

    filter {
        mutate {
            # Build the lookup key, e.g. "80/tcp", in a separate field
            add_field => {"app_name" => "%{[netflow][l4_dst_port]}/%{protocol_name}"}
        }

        translate {
            field => "app_name"
            destination => "application_name"
            dictionary_path => "/opt/logstash/conf/services.yaml"
        }
    }

And I changed my services.yml file because the value doesn't contain => "

"1/tcp": "tcpmux" move to "1/tcp": tcpmux
"1/udp": "tcpmux" move to "1/udp": tcpmux

So it was my bad configuration in my YAML file.
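
Added example, not part of the thread: an in-place variant for the case in the title, where the translate filter reads and writes the same field. It relies on the translate filter's `override` option, which defaults to false so that an already existing destination field is left untouched; the conditional guard is an assumption about which events carry both source fields.

```logstash
filter {
    # Only build a key when both parts exist; otherwise the literal
    # "%{...}" placeholder text would end up in the field.
    if [netflow][l4_dst_port] and [protocol_name] {
        mutate {
            # Lookup key in the dictionary's format, e.g. "80/tcp"
            add_field => { "application_name" => "%{[netflow][l4_dst_port]}/%{protocol_name}" }
        }

        translate {
            field           => "application_name"
            destination     => "application_name"
            dictionary_path => "/opt/logstash/conf/services.yaml"
            # The destination already exists at this point (mutate just
            # created it), so the translation is only written when
            # override is enabled.
            override        => true
        }
    }
}
```

Events whose key has no dictionary entry keep the raw `port/protocol` value in `application_name`, which makes unmapped services easy to spot in the stdout/rubydebug output.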
