Some fields are missing after rename.

JHub-Wei · December 16, 2023, 1:46am

The output of the sample message shared is as follows:

      {
        "_index" : "wsk_access__qer_info_2023.12.15",
        "_type" : "_doc",
        "_id" : "PfZTa4wBxI1zWeQYzPgL",
        "_score" : null,
        "_source" : {
          "args" : {
            "totalNum" : 12
          },
          "eventId" : "QER_INFO",
          "@timestamp" : "2023-12-15T16:54:28.791Z",
          "_eventId" : "qer_info",
          "region" : "cn-north-3",
          "timestamp" : 1702630468791,
          "@version" : "1"
        },
        "sort" : [
          1702630468791
        ]
      }

The expected output is:

      {
        "_index" : "wsk_access__qer_info_2023.12.15",
        "_type" : "_doc",
        "_id" : "PfZTa4wBxI1zWeQYzPgL",
        "_score" : null,
        "_source" : {
          "@timestamp" : "2023-12-15T16:54:28.791Z",
          "args" : {
            "unNum" : 2,
            "totalNum" : 12
          },
          "timestamp" : 1702630468791,
          "eventId" : "QER_INFO",
          "@version" : "1",
          "region" : "cn-north-3",
          "_eventId" : "qer_info"
        },
        "sort" : [
          1702630468791
        ]
      }

Topic		Replies	Views
Logstash 2.2.2 mutuate Logstash	5	760	July 6, 2017
Repeated values with mutate filter in nested json output Logstash	3	781	July 6, 2017
Logstash mutate filter, rename - "Exception in filterworker", "exception"=>#<IndexError: string not matched> Logstash	6	3171	July 6, 2017
Put value of nested field into new field Logstash	11	5242	April 17, 2018
Comments between hash entries cause parse error Logstash	1	427	July 6, 2017

Some fields are missing after rename.

Related topics