OultimoCoder
Reputation: 294
Elasticsearch how to override an existing field in a pipeline?
In my Pipeline I extract a timestamp. I would like to override the existing timestamp field. How would I do this?
Pipeline:
{
"description": "...",
"processors": [
{
"grok": {
"field": "message",
"patterns": [
"{TIMESTAMP_ISO8601:timestamp2}"
],
}
}
]
}
I would like timestamp2 to override the original timestamp field.
Upvotes: 1
Views: 240
Answers (1)
Val
Reputation: 217514
You can simply override the field name like this:
"description": "...",
"processors": [
{
"grok": {
"field": "message",
"patterns": [
"%{TIMESTAMP_ISO8601:timestamp}" <--- use timestamp here instead of timestamp2
]
}
}
]
Upvotes: 1
Related Questions
- Change a specific "Value" inside a "Field" in Logstash Config file
- Filebeat - how to override Elasticsearch field mapping?
- Elasticsearch + Logstash: How to add a fields based on existing data at importing time
- logstash extract json field and overwrite index
- Add extra value to field before sending to elasticsearch
- How to easily change a field from analyzed to non_analyzed
- Modify the content of a field using logstash
- Setting Elasticsearch Analyzer for new fields in logstash
- Update fields of logstash index on ElasticSearch
- How to overwrite field value in Kibana?