Multi_fields rename problem

abu.sayeed · January 7, 2018, 9:55am

MY Logformat:
computer_name NAZ-TECH-PC-005.NTDAC.nazdaqTechnologies.local
event_data.TargetServerName VNTDACWSPRP001.NTDAC.nazdaqTechnologies.local
event_data.SubjectUserName Jhon
event_data.TargetUserName Tom

filter {
if [type] == "wineventlog" {
mutate {
remove_field => [ "tags", "opcode", "version", "beat", "message"]
}
mutate {
rename => [ "event_data.TargetServerName", "Target_fqdn" ]
rename => [ "computer_name", "source_fqdn" ]
rename => [ "event_data.TargetUserName", "Target_user" ]
rename => [ "data.SubjectUserName", "source_user" ]
}
}

}

source_fqdn NAZ-TECH-PC-005.NTDAC.nazdaqTechnologies.local
event_data.TargetServerName VNTDACWSPRP001.NTDAC.nazdaqTechnologies.local
event_data.SubjectUserName Jhon
event_data.TargetUserName Tom

Please help me to rename event_data. field name

magnusbaeck · January 7, 2018, 4:25pm

You're using the wrong syntax for addressing nested fields, see https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references.

abu.sayeed · January 8, 2018, 5:28am

Thanks problem solve

system · February 5, 2018, 5:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Rename field Logstash	3	703	February 21, 2018
Renaming multiple fields that are nested Logstash	4	1021	April 8, 2022
Rename field winlog.event_data.TargetUserName Logstash	2	869	March 6, 2020
How to rename the field “event_data.TargetUserName” Logstash	1	534	February 15, 2018
Rename strings field to nested field Logstash	7	1338	July 13, 2021

Multi_fields rename problem

Related topics