Rename field value of int with string name

John_Lim · June 20, 2019, 9:20pm

Hello all,
Please provide some tips regarding grok mutate issue.

1.) I created a Kibana dashboard but it will make more sense if I can rename the field value. For instance the action type of Web Security Gateway logs shows number (i.e. 0,1,2,3, etc), instead of showing number, how can I convert the value to (0=allowed, 1=denied, etc)..

for example:

filter {
if [type] == "syslog" {
grok {
match => { "message" => ["%{NUMBER:action_type} %{GREEDYDATA:protocol}" ] }
remove_field => "message"
if [action_type] == 0} {
mutate {
replace => [ "action_type", "allowed" ]
}
}
else if [action_type] == 1} {
mutate {
replace => [ "action_type", "denied" ]
.......
.......
}
}
}
}

Badger · June 20, 2019, 9:40pm

The translate filter documentation has an example similar to this. Make sure you read about the override option on that filter.

John_Lim · June 25, 2019, 1:58pm

Thanks, appreciate it....

system · July 23, 2019, 1:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Change field type from string to integer? and how to re-index? Elasticsearch	15	58462	July 5, 2017
Use mutate rename filter Logstash	4	3692	October 16, 2018
Mutate filter plugin: convert to keyword and text? Logstash	6	10138	December 23, 2016
Mutate - replace field string using another pattern Logstash	3	4277	December 26, 2016
Logstash convert string field to number Logstash	6	6403	January 15, 2018

Rename field value of int with string name

Related Topics