Rename field winlog.event_data.TargetUserName

shortcommand · February 7, 2020, 12:20pm

Hi,

I'm running ELK stack with winlogbeat and I would like to change the name of the field winlog.event_data.TargetUserName.

Currently I've put this in my logstash config:

filter{

if [winlog][event_data][TargetUserName]
{
mutate {
rename => { "winlog.event_data.TargetUserName" => "User" }
}
}
}

However, when I run logstash it doesnt seem to do anything. The field doesn't get renamed (as far as I can see in Kibana) and logstash runs just as normal.

Any pointers would be greatly appreciated!

//Rasmus

Badger · February 7, 2020, 2:16pm

Try

rename => { "[winlog][event_data][TargetUserName]" => "User" }

system · March 6, 2020, 2:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to rename the field “event_data.TargetUserName” Logstash	1	534	February 15, 2018
Rename field Logstash	3	703	February 21, 2018
Field is not renaming Logstash	6	368	August 26, 2020
Drop "event_data." from data field Beats winlogbeat	7	2637	April 17, 2017
Refresh doesn't help with question marks Kibana	2	306	March 22, 2019

Rename field winlog.event_data.TargetUserName

Related topics