Skip to main content

Hello Team, we encountered an error while trying to convert a field to a string. We tried converting to string, but again we encountered same error.

Error - "generic::invalid_argument: pipeline failed: filter mutate (30) failed: replace failure: field \\"startTime.value\\": source field \\"startTime\\": source field value must be a string"

Please find the below code 

if [startTime] != "" and [startTime] != "--" {

mutate {
convert => {
"startTime" => "string"
}
on_error => "status_already_string"
}

mutate {
replace => {
"startTime.key" => "Start Time"
"startTime.value" => "%{startTime}"

}
merge => {
"security_result.detection_fields" => "startTime"
}
}
}



 

The problem might be that you use the same variable name for the original string and the dictionary. I.e. try to change your code to

if [startTime] != "" and [startTime] != "--" {

mutate {
convert => {
"startTime" => "string"
}
on_error => "status_already_string"
}

mutate {
replace => {
"startTimeLabel.key" => "Start Time"
"startTimeLabel.value" => "%{startTime}"

}
merge => {
"security_result.detection_fields" => "startTimeLabel"
}
}
}

Thank you 

Reply


Terms & ConditionsCookie settings
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.