HI there
I am trying to find out what the syntax is for renaming fields from an incoming json message. We dropped the message at first to remove metadata but it is unclear to me in subsequent segments of the pipeline config, under filters, how the mutate rename function works.
With regards to syntax, is the first entry the source (as in, the field before logstash transforms it) and the second is destination? That's usually the syntax for unix but maybe this is different.
mutate {
rename => { "logtime" => "timestamp" }
}
This would mean that the resulting field in elastic would be "timestamp", after mutate renamed logtime (the upstream log field) Am I correct in saying this? Thanks