I have a field X that has the value fw.auth.deny or fw.auth.allow How can I create a new field that is called y that has the value fw in it using logstash or mapping templates? Thanks in advance. Chris P.S. I looked around a lot and could not find an example of how to do this.

On ingest I need to create a new field based on the value of a field in the document

magnusbaeck (Magnus Bäck) October 26, 2016, 8:12pm 2

Use a grok filter. Why should "fw" be extracted? Does X always begin with "fw"? Or do you want to extract everything up to the first period?

Topic		Replies	Views
Extract a string from a field and create a new field with that string Logstash	2	10404	March 6, 2017
Adding new fields from grok filter in logstash Logstash	1	570	November 20, 2018
Grok patterns : creating new field Logstash	5	1726	May 23, 2017
Extract the value from CSV field and add new field Logstash	7	3653	July 19, 2017
Add new field based on request field Logstash	3	681	July 6, 2017