"unknown field [pivot]" error

meatwad · August 25, 2025, 10:42pm

Hi there,

I’m trying to follow along with this post to try and enrich FortiGate logs:

But when I do the initial POST _transform/fortivpntunnels/_update, I get the following error:

{
  "error": {
    "root_cause": [
      {
        "type": "x_content_parse_exception",
        "reason": "[92:3] [data_frame_transform_config_update] unknown field [pivot]"
      }
    ],
    "type": "x_content_parse_exception",
    "reason": "[92:3] [data_frame_transform_config_update] unknown field [pivot]"
  },
  "status": 400
}

Is there something that needs enabling in my 8.14.2 install or what exactly do I need to do? Sorry for the stupid question but I appreciate the assistance!

Tortoise · August 26, 2025, 6:13am

Hello @meatwad

As per documentation below is used to update a transform :

POST/_transform/{transform_id}/_update

To create a transform we will have to use 
PUT _transform/fortivpntunnels
{
}

When you want to update the transform we use _update
POST _transform/fortivpntunnels/_update
{
}

But in this he has not used pivot field to update existing fields :

POST _transform/fortivpntunnels/_update
{
  "dest": {
    "index": "fortinet-vpn-tunnels",
    "pipeline": "add-client-geo"
  }
}

Thanks!!

Topic		Replies	Views
Best practice for adding additional fields to transform Elasticsearch transforms	2	51	July 1, 2025
Script based transform during index Elasticsearch	1	412	July 6, 2017
Filebeat json to Elasticsearch, error processing pipeline Elasticsearch	3	609	September 18, 2020
GeoIP stopped working after upgrade Elasticsearch	7	64	November 26, 2024
Convert two field string into a single field geo_point Elasticsearch	32	8529	April 29, 2019

"unknown field [pivot]" error

Related topics