Mutate logstash netflow codec variable name to user defined names

I need to change default logstash netflow codec variable name to my own names . How can I do it.

I have tried it as below. In the output, for stdout { codec => rubydebug } shows rename variables names, but gelf output shows and stored Elasticsearch as netflow defualt variable names

mutate
{
rename => [ "[netflow][l4_src_port]" , "[netflow][srcport]" ]
rename => [ "[netflow][l4_dst_port]" , "[netflow][dstport]" ]
rename => [ "[netflow][src_mask]" , "[netflow][srcmask]" ]
rename => [ "[netflow][dst_mask]" , "[netflow][dstmask]" ]
}

please tell me anyone who knows to change netflow default variable names

In the mutate plugin the rename option takes a hash see https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html#plugins-filters-mutate-rename

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.