Hi,
How do I rename an available field? So for example we pull logs from GCP and use a json filter before outputting it to elasticsearch. The message field shows an event named "bytes_sent" but in Kibana under Available Fields it shows as jsonPayload.bytes_sent. Is there a way to strip the jsaonPayload. so it just shows as bytes_sent? I have tried rename and mutate filters within logstash but they dont appear to do anything.....provided this is even the right thing to do.
Use a mutate filter. Perhaps you are confusing jsonPayload.bytes_sent (a field with a period in its name) with [jsonPayload][bytes_sent] (a field within the jsonPayload object). The two appear the same in Kibana, but you need to use different names for them in logstash.
Thanks....worked!!!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.