Latest Updates


How to configure Mutate Filter in ELK

This filter allows one to perform general mutations on fields. One can rename, convert, strip, and modify fields in the events.

Below is the data in CSV file:

Rahul, Kumar,35,30000,Rahul.kumar,m
Raju, Sinha ,60,70000,raju.sinha,m

We will take the same csv file with the mutate filter and understand its usage. The following code block shows the use of the mutate filter:

As seen in the example, the convert setting within the filter helps to change the data type of a field. The valid conversion targets are integer, string, float, and Boolean. 

If the conversion type is Boolean, the acceptable values are:

True: true, t, yes, y, and 1.

False: false, f, no, n, and 0.

The rename setting within the filter helps to rename one or more fields. The preceding example renames the FName field to Firstname and LName to Lastname.

strip is used to strip the leading and training white spaces. 

The order of the settings within the mutate filter matters. The fields are mutated in the order the settings are defined.

For example, as the FName and LName fields in the incoming event were renamed to Firstname and Lastname using the rename setting, other settings can no longer refer to FName and LName. Rather, to refer they would have to use the newly renamed fields.

uppercase is used to convert the string to upper case. In the preceding example, the value in the Gender field is converted to upper case.

Similarly, by using various settings of the mutate filter, such as lowercase, update, replace, join, and merge, one can lower case a string, update an exiting field, replace the value of a field, join an array of values, or merge fields.
How to configure Mutate Filter in ELK Reviewed by Avotrix.Author on Wednesday, January 16, 2019 Rating: 5

No comments:

All Rights Reserved by Avotrix © 2018 - 2019
Developed and created by Avotrix

Contact Form


Email *

Message *

Powered by Blogger.