Rename fields using a dictionary

frank_esg · August 26, 2020, 8:44am

Hi Folks,

is it possible in Logstash to rename fields (received as json) based on a dictionary File? Basically the same function like the translate filter does, but not for values but for field names.

Background: At the moment our applications are sending there logs in json format to logstash. Problem is that the applications don´t use a unified fieldname set, some fieldnames are the same some not.
We´re now want to implement ECS to harmonize all Fields over all different Logtypes.
Because it would now take a very long time until all teams had converted all their applications to ecs-compliant logging, we would like to rename the old field names in logstash to the new ecs field names. For this we would like to use a dictionary just like the translate filter does.

Is this possible within Logstash?

regards,
Frank

Badger · August 26, 2020, 4:31pm

It is not built in but you could do it in a ruby filter. You can do anything in a ruby filter. You could also re-purpose the translate filter code and build a custom filter.

frank_esg · September 3, 2020, 2:20pm

Hi,

thank you for your Answer. Then i have to figure out how to do that with ruby.

regards,
Frank

system · October 1, 2020, 2:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can Logstash Mutate Rename method use a file Logstash	3	512	December 31, 2018
Logstash rename json fields Logstash	7	653	March 15, 2023
Impossible to rename a field Logstash	1	189	May 6, 2022
Remove part of field name from json inputted fields Logstash	9	3759	July 6, 2017
Dynamically match and rename json fields Logstash	2	1160	April 3, 2017

Rename fields using a dictionary

Related topics