Hi, I have fields in Kibana such as fw.ip, fw.name, fw.test.old, and so on. I am trying to remove the "fw" prefix from all these fields using a Ruby filter in Logstash. Here's the code I'm using:
ruby {
  code => "
    event.to_hash.keys.each do |key|
      if key.start_with?('fw.')
        new_key = key.sub('fw.', '')
        event.set(new_key, event.get(key))
        event.remove(key)
      end
    end
  "
}
Unfortunately, this is not working. How can I remove the prefix "fw." from all fields using Ruby?
Is this a prefix or an object named fw with nested fields? For example:
This is a field with a dot in the name and fw as a prefix:
{ "fw.ip": "8.8.8.8" }
And this is a JSON object named fw with a nested field named ip:
{ "fw": { "ip": "8.8.8.8" } }
In Kibana they will look the same in Discover; you will only be able to know if it is a field with a prefix or a JSON object by looking at the JSON tab for the document.
Can you provide a sample of what your document looks like in Kibana, looking at the JSON tab in Discover?
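The two document shapes distinguished in the reply above, as an added example that is not code from either poster. It runs on plain Ruby Hashes standing in for the document, not on Logstash's Event API; the function names and sample values are constructed for illustration.

```ruby
# Added example: plain Ruby Hashes stand in for the document (assumption);
# this does not call Logstash's Event API.
PREFIX = 'fw'

# Constructed sample documents, one per shape described in the reply.
DOTTED = { 'fw.ip' => '8.8.8.8', 'fw.name' => 'edge-01',
           'fw.test.old' => 'x', 'host' => 'ls-1' }.freeze
NESTED = { 'fw' => { 'ip' => '8.8.8.8', 'name' => 'edge-01',
                     'test' => { 'old' => 'x' } }, 'host' => 'ls-1' }.freeze

# Top-level keys that literally start with "fw.". For the nested shape the
# only related top-level key is "fw", so this returns an empty list.
def prefixed_keys(doc, prefix = PREFIX)
  doc.keys.select { |key| key.start_with?("#{prefix}.") }
end

# Returns a new Hash with the prefix removed, whichever shape the input has.
def strip_fw_prefix(doc, prefix = PREFIX)
  kept = {}
  moved = {}
  doc.each do |key, value|
    if key == prefix && value.is_a?(Hash)
      # Object named fw: hoist its children to the top level.
      value.each { |child, child_value| moved[child] = child_value }
    elsif key.start_with?("#{prefix}.")
      # Literal dotted field name: drop the leading "fw." only.
      moved[key.delete_prefix("#{prefix}.")] = value
    else
      kept[key] = value
    end
  end
  moved.each do |key, value|
    # Never overwrite an existing field: on a name collision the value
    # stays under its prefixed name so no log data is silently lost.
    target = kept.key?(key) ? "#{prefix}.#{key}" : key
    kept[target] = value
  end
  kept
end

if __FILE__ == $PROGRAM_NAME
  puts "dotted keys matched: #{prefixed_keys(DOTTED).inspect}"
  puts "nested keys matched: #{prefixed_keys(NESTED).inspect}"
  puts strip_fw_prefix(DOTTED).inspect
  puts strip_fw_prefix(NESTED).inspect
end
```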