Live Workshop: Integrate Google SecOps with Bindplane - Join Us on January 29th at 11 AM ET!Sign Up Now

Move Field

Description

The Move Field processor can be used to move a telemetry field.

Use

The Move Field processor is utilized for moving telemetry fields in metrics, logs, and traces based on specified conditions.

Supported Types

MetricsLogsTraces

Configuration

FieldDescription
Telemetry TypesThe types of telemetry to apply the processor to.
ConditionA condition that determines when this processor is applied.
Move FromThe telemetry field to move from.
Move ToThe telemetry field to move to.

Example Configuration(s)

Moving An Entire Log Body

In this configuration, the entire body field is moved to a field on attributes called body_nested. This method is useful for destinations that ignore or use the body field in an undesired manner.

Web Interface

observIQ docs - Move Field - image 1

Nesting A Field

This configuration will nest an attributes field named time_local within another field named simply time. This is useful for simplifying or standardizing the data structure of incoming logs. In this example, note the use of bracket notation to create nested fields.

Web Interface

observIQ docs - Move Field - image 2