Rename field

abu.sayeed · January 24, 2018, 5:06am

Winlogbeat fields name:

"event_data": {
"ProcessName"
"LogonGuid"
"IpPort"
"SubjectLogonId"
"TargetLogonGuid"
"SubjectUserName"
"TargetInfo"
"TargetServerName"
"SubjectDomainName"
"IpAddress"
"TargetUserName"
"ProcessId"
"TargetDomainName"
"SubjectUserSid"
},

But I wish

  "ProcessName"
  "LogonGuid"
  "IpPort"
  "SubjectLogonId"
  "TargetLogonGuid"
  "SubjectUserName"
  "TargetInfo"
  "TargetServerName"
  "SubjectDomainName"
  "IpAddress"
  "TargetUserName"
  "ProcessId"
  "TargetDomainName"
  "SubjectUserSid"

So how can I remove "event_data" from every fields?
need help.
Thanks

magnusbaeck · January 24, 2018, 5:22am

Use a mutate filter to rename each field into the top level or use a ruby filter to rename them all in one batch without having to enumerate every field. Examples of the latter has been posted in the past.

abu.sayeed · January 24, 2018, 6:46am

Thanks for your instruction. I change all by ruby filter.

system · February 21, 2018, 6:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to re-name multiple field names at once in logstash Logstash	2	970	January 10, 2022
How to remove part of name in multiple fields with Ruby in logstash? Logstash	10	1125	December 3, 2020
Want to Change a Field Name (Not a Field Value) Logstash	2	16684	July 6, 2017
Rename Fields Logstash	2	323	June 14, 2018
Rename field winlog.event_data.TargetUserName Logstash	2	899	March 6, 2020

Rename field

Related topics