I am creating new field and copy data from existing one with:
mutate {
add_field => { "NewField" => "%{[Old][Field]}" }
}
The problem that I am having is, prior this copy operation the OldField looks well presented in kibana in this way:
{
"message": "1"
}
{
"message": "2"
}
{
"message": "3"
}
{
"message": "4"
}
After copying the NewField represents the data in one line:
{message=1},{message=2},{message=3},{message=4}
Is there a way to keep the original formatting? The old field is a JSON array, the new field is text.
Thanks!
Have you tried using copy instead of add_field?
mutate {
copy => { "[Old][Field]" => "[NewField]" }
}