Merge two fields into one

Hi,

First of all sorry for ask this, I know that is lots of info about this but i cannot make it work.

So what I would like to do is combine the fields hostname and path.

"@timestamp" => 2020-05-07T16:45:36.042Z
}
{
  "@version" => "1",
   "message" => "XXXXXXX#~#XXXX#~#XXXXXX=java.net.ConnectException: Connection refused: connect",
     "input" => {
    "type" => "log"
},
      "host" => {
              "os" => {
         "version" => "10.0",
            "name" => "W",
           "build" => "5241039",
        "platform" => "W",
          "family" => "w",
          "kernel" => "10800)"
    },
        "hostname" => "Ser",
    "architecture" => "64",
              "id" => "XXXXXXXXXXX",
            "name" => "Ser"
},
     "agent" => {
         "version" => "7.6.2",
    "ephemeral_id" => "XXXXXXXXXXXX",
        "hostname" => "Ser",
              "id" => "XXXXXXXXXXXXX",
            "type" => "filebeat"
},
       "log" => {
    "offset" => 33123,
      "file" => {
        "path" => "C:\\XXX\CCC\SSS.log"
    }
},

my filter config

filter {
	grok {
    		match => [ "message", "%{DATESTAMP:date} %{LOGLEVEL:severity} %{GREEDYDATA:message}" ]
  	}
	mutate {
		add_field => { "Ubicacion" => "%{hostname}%{path}"}
	mutate {
		remove_tag => ["beats_input_codec_plain_applied"] 
        }
}

Please could somebody give me some advice, it seems to be quite easy but I cannot make it work.

Thank you very much

the path is nested inside [log][file] , so :

"%{hostname}%{[log][file][path]}"

Good morning, ptamba

thank you a 1000 times, it did work right away. Now that you pointed the solution I was checking and it make a lot of sense.

I really appreciate your help.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.