Rename fields using a dictionary

frank_esg · August 26, 2020, 8:44am

Hi Folks,

is it possible in Logstash to rename fields (received as json) based on a dictionary File? Basically the same function like the translate filter does, but not for values but for field names.

Background: At the moment our applications are sending there logs in json format to logstash. Problem is that the applications don´t use a unified fieldname set, some fieldnames are the same some not.
We´re now want to implement ECS to harmonize all Fields over all different Logtypes.
Because it would now take a very long time until all teams had converted all their applications to ecs-compliant logging, we would like to rename the old field names in logstash to the new ecs field names. For this we would like to use a dictionary just like the translate filter does.

Is this possible within Logstash?

regards,
Frank

Badger · August 26, 2020, 4:31pm

It is not built in but you could do it in a ruby filter. You can do anything in a ruby filter. You could also re-purpose the translate filter code and build a custom filter.

frank_esg · September 3, 2020, 2:20pm

Hi,

thank you for your Answer. Then i have to figure out how to do that with ruby.

regards,
Frank

system · October 1, 2020, 2:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can Logstash Mutate Rename method use a file Logstash	3	511	December 31, 2018
Logstash rename json fields Logstash	7	643	March 15, 2023
Impossible to rename a field Logstash	1	189	May 6, 2022
Remove part of field name from json inputted fields Logstash	9	3758	July 6, 2017
Ruby Script to rename fields base on a dictionary Logstash	5	388	May 26, 2022

Rename fields using a dictionary

Related Topics