Updated March 15, 2023
Introduction to Logstash mutate
Logstash mutate is a filter in Logstash that lets us perform general mutations on fields: it can rename, remove, replace, and modify the fields in our events. Filters in Logstash also let us constrain fields to a particular data type. The mutate filter can also add, copy, and update fields to make them compatible across the environment. The filter and its configuration options are described in the filter section of the Logstash configuration file.
What is Logstash mutate?
The mutate filter is built into Logstash, and there is a specific command for verifying it. The mutate filter and its configuration options are described in the filter section of a configuration file. In the filter section, the fields of incoming events are converted and processed; the output section then provides the analyzed data. The mutate filter offers various options: it can copy fields, rename them, change letters to uppercase or lowercase, join them, and so on. The mutate filter applies its operations in its own order, and we can customize that order by splitting the configuration into separate mutate blocks.
Logstash mutate filters
Given below are the different filters of Logstash mutate:
- add_field
  This is an option of the filter with a ‘hash’ value type and a default value of {}. With it we can add a new field to the event: if the filter is successful, it adds any fields to the event in no particular order. The field name can be dynamic, and multiple fields can be added at one time.
- add_tag
  This configuration option adds a label to the event. It has an ‘array’ value type and no default value. If the filter is successful, it adds new tags to the event in no particular order; the tags can be dynamic and can include parts of the event using the %{} syntax.
- convert
  This option converts the value of a field into a different type; for example, it can convert a string into an integer. It has a ‘hash’ value type and no default value. If the field value is an array, all members are converted; if the field value is a hash, no action is taken. The valid targets are string, float, and integer.
- gsub
  It has an ‘array’ value type and no default value. It transforms a string field using regular expressions; if the field is not a string, it performs no action. It expects an array containing 3 elements for every field.
- join
  The join option joins an array using a separator character; it does not work on non-array fields. It has a ‘hash’ value type and no default value.
- lowercase
  The ‘lowercase’ option transforms a string into its lowercase equivalent; it has an ‘array’ value type and no default value.
- merge
  It has a ‘hash’ value type and no default value. It merges two array fields; a string field is converted into an array automatically, so when an array and a string are used they are handled as string and string, and the result is two arrays.
- remove_field
  It has an ‘array’ value type with ‘[]’ as the default value. If the filter is successful, it removes fields from the event in no particular order; the field names can be dynamic.
- remove_tag
  It has an ‘array’ value type with ‘[]’ as the default value. If the filter is successful, it removes tags from the event in no particular order; the tags can be dynamic and can include parts of the event using the %{} syntax.
- rename
  This option of the mutate filter has a ‘hash’ value type and no default value; it renames one or more fields.
- replace
  This option has a ‘hash’ value type and no default value. It replaces a field with a new value; the new value can use the %{} syntax to construct itself from other parts of the event.
- split
  It has a ‘hash’ value type and no default value. It splits a field into an array using a separator character, and it works with string fields only.
- strip
  It has an ‘array’ value type and no default value; it works on a field's leading whitespace.
- update
  It updates an existing field with a new value; if the field does not exist, it does nothing. It has a ‘hash’ value type.
- uppercase
  It transforms a string into its uppercase equivalent; it has an ‘array’ value type and no default value.
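The following filter section combines several of the options above to normalize an authentication log event. It is an added example, not part of the original article; the field names (`user`, `src`, `bytes`, `roles_csv`, `password`) and the sample event are assumptions constructed for illustration. It uses two mutate blocks because one block applies its operations in its own fixed order rather than the order in which they are written.

```logstash
# Constructed sample event (assumption, not from the article):
#   message   => "login ok user= Alice password=hunter2 bytes=5120"
#   user      => " Alice "
#   src       => "203.0.113.7"
#   bytes     => "5120"
#   roles_csv => "vpn,admin"
#   password  => "hunter2"
filter {
  # Block 1: clean and type the raw values.
  mutate {
    strip     => ["user"]                   # trim surrounding whitespace
    lowercase => ["user"]                   # one spelling per account for correlation
    convert   => { "bytes" => "integer" }   # numeric type so thresholds can compare it
    gsub      => [
      # 3 elements per substitution: field, regular expression, replacement
      "message", "password=[^ &]+", "password=[REDACTED]"
    ]
    split     => { "roles_csv" => "," }     # "vpn,admin" -> ["vpn", "admin"]
  }

  # Block 2: a separate block, so it runs only after block 1 has finished.
  # If rename were placed in block 1, it would run before split there, and
  # split would then look for "roles_csv", which no longer exists.
  mutate {
    rename => {
      "roles_csv" => "[user_info][roles]"
      "src"       => "[source][ip]"
    }
    # add_field, add_tag and remove_field are applied once the block's own
    # mutations have succeeded, so %{[source][ip]} already resolves here.
    add_field    => { "summary" => "login by %{user} from %{[source][ip]}" }
    add_tag      => ["normalized"]
    remove_field => ["password"]            # keep the secret out of the index
  }
}
```

With the sample event, the output carries `user` as `alice`, `bytes` as the integer 5120, the password masked inside `message`, and no `password` field.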
Conclusion
In this article, we saw that the mutate filter lets us carry out different types of operations on specific fields. We also discussed the options that are available in the mutate filter, and we saw the definition of mutate in Logstash.