Hi, I am new to Logstash. i ship multiple firewall logs to logstash and we identify each firewall by SN. The SN is not easily identified and want to give each SN a friendly name. I have tried to use mutate rename{} but this has not been successful.
Below is a typical Log:
{
"_index": "logstash-2017.01.21",
"_type": "SW",
"_id": "AVnAd3OvfFR_D-jAnZ_S",
"_score": null,
"_source": {
"@version": "1",
"@timestamp": "2017-01-21T09:59:55.343Z",
"type": "SW",
"tags": [
"_grokparsefailure_sysloginput"
],
"priority": 0,
"severity": 0,
"facility": 0,
"facility_label": "kernel",
"severity_label": "Emergency",
"<134>id": "firewall",
"sn": "0117C545F20D",
"time": "2017-01-21 11:59:56",
"f": "General HTTP",
"sess": "None",
"src": "4.3.2.1:37338:X0",
"dst": "5.6.7.8:80:X1",
"op": "2",
"sent": "1362",
"rcvd": "204",
"dstname": "hmma.baidu.com",
"arg": "/app.gif",
"code": "64",
"Category": "Not Rated",
"srcip": "4.3.2.1",
"srcinfo": "37338",
"dstip": "5.6.7.8",
"dstinfo": "80"
},
I need to change 0117C545F20D to "Customer1FW"
Thanks,