25 Mar How to Configure Mutate Filter in ELK
The mutate filter lets you perform mutations on fields. You can rename, transform, clear, and alter fields in events. The data below is in a CSV file:
FName,LName,Age,Salary,EmailId,Gender
Rahul, Kumar,35,30000,Rahul.kumar,m
Raju, Sinha ,60,70000,raju.sinha,m
Rita,kumari,46,90000,rita.kumari,f
Let's apply a mutate filter to the above CSV file and analyze its usage. The code block below shows the mutate filter in use.
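An added example (not the original post's configuration) of a pipeline that applies the settings discussed here to the CSV above. The stdin/stdout plugins and the choice of integer for Age and float for Salary are assumptions made for illustration:

```logstash
# Added example, not the original post's configuration.
# Assumptions: events arrive on stdin, one CSV row per line; Age -> integer
# and Salary -> float are illustrative choices of conversion targets.
input {
  stdin { }
}

filter {
  csv {
    # Column names taken from the header row of the sample file.
    columns     => ["FName", "LName", "Age", "Salary", "EmailId", "Gender"]
    # Drop the row that exactly matches the column names (the header).
    skip_header => true
  }

  mutate {
    # Parsed CSV values are strings; convert the numeric ones.
    convert => {
      "Age"    => "integer"
      "Salary" => "float"
    }
    rename => {
      "FName" => "Firstname"
      "LName" => "Lastname"
    }
    # Refer to the renamed fields here. In the sample data " Kumar" and
    # " Sinha " carry stray whitespace that strip removes.
    strip     => ["Firstname", "Lastname"]
    uppercase => ["Gender"]
  }
}

output {
  # Print each resulting event so the field names and types can be checked.
  stdout { codec => rubydebug }
}
```

For the row `Raju, Sinha ,60,70000,raju.sinha,m`, the resulting event has Firstname "Raju", Lastname "Sinha", Age 60, Salary 70000.0, and Gender "M".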
As shown in the above example, the convert setting in the filter lets you change the data type of a field. The valid conversion targets are integer, string, boolean, and float.
If the conversion type is boolean, the accepted values are:
True: true, t, yes, y, and 1.
False: false, f, no, n, and 0.
The rename setting in the filter allows renaming one or more fields. In the preceding example, the FName field is renamed as Firstname and LName as Lastname.
The strip setting removes leading and trailing whitespace.
The order of the settings used in the mutate filter is important. Fields are mutated in the order in which the settings are defined.
In the above example, the fields FName and LName in the event were renamed to Firstname and Lastname using the rename setting. Hence, other settings can no longer refer to FName and LName; they must refer to the renamed fields instead. The uppercase setting converts strings to upper case. In the previous example, the values in the Gender field are converted to upper case.
Similarly, with the help of various settings of the mutate filter such as lowercase, join, update, replace, and merge, you can transform a string to lower case, combine an array of fields, update an existing field, substitute the values of a field, or merge two or more fields.