decode_base64_field processor specifies a field to base64 decode.
field key contains a
from: old-key and a
to: new-key pair.
the origin and
to the target name of the field.
To overwrite fields either first rename the target field or use the
processor to drop the field and then rename the field.
processors: - decode_base64_field: field: from: "field1" to: "field2" ignore_missing: false fail_on_error: true
In the example above: - field1 is decoded in field2
decode_base64_field processor has the following configuration settings:
(Optional) If set to true, no error is logged in case a key
which should be base64 decoded is missing. Default is
(Optional) If set to true, in case of an error the base64 decode
of fields is stopped and the original event is returned. If set to false, decoding
continues also if an error happened during decoding. Default is
See Conditions for a list of supported conditions.
Intro to Kibana
ELK for Logs & Metrics