According to Elastic convention, we use dots for grouping. However, when I try to use a dot in add_field, it stops working.
Working:
mutate {
  add_field => {"foo" => "baz"}
}
Not working:
mutate {
  add_field => {"foo.bar" => "baz"}
}
Not working:
mutate {
  add_field => {"[foo][bar]" => "baz"}
}
So how do I make it work with a dot in the field's name?
I think I've found a solution.
This is working for me (for some unexplained reason):
mutate {
  add_field => { "[][foo][bar]" => "baz" }
}