Hello, I need to rename the field “source” to “DC_Name”. I have used the pipeline code.
rule “rename_field”
when
has_field(“source”)
then
rename_field(“source”,“DC_Name”)
end;
But it doesn’t work.
Hello @vsingh && Welcome
Pipeline looks good, make sure Message Processors Configuration is correct.
Pipeline Processor has to come after Message Filter chain.
BTW, I moved this post to the correct category. I believe this is a issue not Contest 
“source” is a reserved field within Graylog meaning you cannot rename or get rid of it, same with “timestamp” and “message”. What you can do here is create a field called “DC_Name” and assign that the same value as “source”, then edit your search screen to display “DC_Name” as one of the columns on that page.
The rule would look something like:
rule "Set DC_Name to source value"
when
has_field("source")
then
set_field("DC_Name", to_string($message.source));
end
For modifying the search screen, select the down carrot in the upper right of the “All Messages” widget, then select “Edit”, and make your desired changes there.
1 Like
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.