Hi,
How do I rename an available field? So for example we pull logs from GCP and use a json filter before outputting it to elasticsearch. The message field shows an event named "bytes_sent" but in Kibana under Available Fields it shows as jsonPayload.bytes_sent. Is there a way to strip the jsaonPayload. so it just shows as bytes_sent? I have tried rename and mutate filters within logstash but they dont appear to do anything.....provided this is even the right thing to do.
Use a mutate filter. Perhaps you are confusing jsonPayload.bytes_sent (a field with a period in its name) with [jsonPayload][bytes_sent] (a field within the jsonPayload object). The two appear the same in Kibana, but you need to use different names for them in logstash.
Thanks....worked!!!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.