Rename Fields
The Rename Fields function in Observo AI allows you to rename fields in your data streams. This is useful for standardizing field names, improving readability, or preparing data for downstream processing.
Purpose
To use the Rename Fields function, specify the original field names and the new names you want to assign to them. The function will replace the original field names with the new ones in the output data.
Usage
Select Rename Fields transform. Add Name (required) and Description (optional).
General Configuration:
Bypass Transform: Defaults to disable. When enabled, this transform will be bypassed entirely, allowing the event to pass through without any modifications.
Add Filter Conditions: Defaults to disable. When enabled, it allows events to filter through conditions. Only events that meet the true condition will be processed; all others will bypass this transform. Based on AND/OR conditions, "+Rule" or "+Group" buttons.
Rename Fields: Enabled: Defaults to enabled, meaning it does evaluate all events. Toggle Enabled off to prevent event processing to feed data to the downstream Transforms.
Fields to Rename Rules: Set of event fields to evaluate and add/set. First field entry (1 rule) key-value pair added by default. Click Add button to add new field as a key-value pair, with the following inputs:
Original Field Name: Enter the name of the field to be renamed. The current model does not support renaming fields inside a JSON array. Click in the associated text box to get field choices or type field name directly.
New Field Name: Enter a new name for the field. Can only be a string literal.
Examples
Renaming a Single Field
Prerequisites
Add Filter Conditions: Disabled
RenameFields: Enabled
Fields to Rename Rules
Rule 1
src_ip
source_ip
Sample Data
|
"src_ip": "192.168.1.1",|
"source_ip": "192.168.1.1",| | ------------------------------------------------- | ---------------------------------------------------- |
Results: The field src_ip is renamed to source_ip for all events.
Renaming Multiple Fields
Scenario: Rename src_ip to srcip and _dest_ip to destination_ip if production environment.
Prerequisites
Add Filter Conditions: Enabled
RenameFields: Enabled
Add Filter Conditions
AND
environment
equals
production
Fields to Rename Rules
Rule 1
src_ip
source_ip
Rule 2
dest_ip
detination_ip
Example Data
|
“environment”: “production”,
"src_ip": "192.168.1.1",
"dest_ip": "10.0.0.1"|
“environment”: “production”,
"source_ip": "192.168.1.1",
"destination_ip": "10.0.0.1"| | ------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------- |
Results: The field src_ip is renamed to source_ip and dest_ip is renamed to destination_ip for all events in the production environment.
Notes
If a field specified in Original Field Name does not exist in the input data, the function will skip renaming for that field
Renaming fields does not alter the values of the fields; only the field names are updated.
Best Practices
Descriptive names: Use clear and concise names that directly explain the data contained within the field, like "user_id" instead of "uid" or "userId".
Consistency: Ensure all log fields across your application use the same naming convention for example camelCase or snake_case to avoid confusion.
Standardization: If possible, align your field names with industry standards or common practices within your organization.
Avoid abbreviations: Unless the abbreviation is universally understood within your team, opt for full words to enhance readability.
Context-specific naming: Consider the specific context of each log entry when choosing field names, ensuring they provide meaningful information.
Versioning: If you need to change a field name, consider adding a version number to the old name to maintain backwards compatibility during log analysis.
Related Functions
Add Fields: Add new fields to your data.
Remove Fields: Remove unnecessary fields from your data.
Filter Event: Apply conditions to filter data before or after removing fields.
Additional Resources
Last updated
Was this helpful?