Substitute Processor

Jump to bottom

Jonah Kowall edited this page Jul 9, 2021 · 1 revision

Substitue [gsub]

This processor allows you to search a field for a value based on a regex and then replace it with another value.

field
pattern
replacement

Examples

{  
  gsub: {  
    config: {  
      field: "kv"
      pattern: "dst-xlated ip"
      replacement: "dst-xlated_ip"
    }
  }
}

{  
  gsub: {  
    config: {  
      field: "parsed_json_key"
      pattern: "[\\s/\\\\?#-\\.]"
      replacement: "_"
    }
  }
}