Logstash Pipeline Translate Filter

fim · October 3, 2019, 1:55pm

May somebody help me to solve the following problem?

My index gets written into elasticsearch but the field host.name is not changed according the predefined dictionary.

Data gets ingested from a metricbeat v7.3.

input {
    pipeline { address => "metricbeat-ais" }
}

filter {
	translate {
		field => "host.name"
		destination => "host.name"
        override => "true"
        dictionary => {
            "host-001" => "COM"
            "host-002" => "AMS"
		    "host-003" => "WEB"
            "host-004" => "SQL"
        }
	}
}

output {
    ...
    }
}

Badger · October 3, 2019, 2:11pm

Are you sure it has a period in the field name, or is it a nested field that you would refer to as [host][name] in logstash?

Kartik_Kolachina · October 3, 2019, 3:01pm

Can you try,
field => "host[name]"

Yatesss · October 3, 2019, 3:05pm

field => "[host][name]"
destination => "host.name"

fim · October 4, 2019, 8:58am

I rely on ECS.
Your feedback solved my problem:

field => "[host][name]"
destination => "[host][name]"

Thanks Badger!

system · November 1, 2019, 8:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Work with nested fields in logstash elasticsearch filter Logstash	2	391	November 1, 2021
Having trouble forwarding indexes from Elasticsearch to logstash Logstash	4	326	July 9, 2018
Translate filter trouble Logstash	3	359	March 5, 2020
Index fields with keyword Kibana	2	895	August 2, 2019
Not able to add host name to metric filter plugin output Logstash	9	350	May 7, 2021

Logstash Pipeline Translate Filter

Related Topics