Rename

The Rename function changes a field's name.

Usage

• Operates On: Field names
• Supported Field Types: Any, so long as the event field has a field name. Primitive values in array's do not have field names, so they are not supported.
• Label: Optional
• Filter: Optional

Required Configuration

• Field Name: The path to the field name to change.
• Field Value: This can either be a literal string value or you can select the value of a field name by enclosing the name in the selector pattern {field_name}. The selected field must be a string.

Example: String rename

Rename the event's field named host to hostname

Configuration

• Field Name: host
• Field Value: hostname

Before

{
  "host": "localhost",
  "message": "[10.010871] kernel: NVRM: loading NVIDIA UNIX x86_64 Kernel Module 510"
}

After

{
  "hostname": "localhost",
  "message": "[10.010871] kernel: NVRM: loading NVIDIA UNIX x86_64 Kernel Module 510"
}

Example: Rename from selected field

Rename the error field name to the value of the region field to get an error keyed by region.

Configuration

• Field Name: error
• Field Value: {region}

Before

{
  "region": "us-east-1",
  "error": "there was an error connecting"
}

After

{
  "region": "us-east-1",
  "us-east-1": "there was an error connecting"
}