I am trying to implement the filter below. And continue to get an error about
Invalid FieldReference: `%{[beat][hostname]}`
I believe I am calling the field correctly based on the guide here
filter {
mutate {
split => [ "%{[beat][hostname]}", "." ]
add_field => { "test_shortname" => "%{[beat][hostname][0]}" }
}
}
I recently started working on this recently so I am still very new to elastic
You cannot use a sprintf reference in the split option like that. Try
mutate {
split => [ "[beat][hostname]", "." ]
add_field => { "test_shortname" => "%{[beat][hostname][0]}" }
}Thank you that worked. Really appreciate it, I must have missed that somewhere in the documentation.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.