cfxdm - dm:fixcolumns

Remove special character from Column names

dm:fixcolumns: This cfxdm tag removes special characters such as @, . (dot), etc. from column names. If a special character appears in the middle of a column name (e.g. First.Last), it is replaced with _ (underscore) (e.g. First_Last).

dm:fixcolumns syntax: It doesn't require any arguments. Just ingest the data into this tag using a pipe (-->)

In the example below, for reference, we use Netflow data that is ingested into Elasticsearch, with the Elasticsearch extension used to query the data and ingest it into dm:mergecolumns to select specific columns using include/exclude or both together and merge them into a single target column.

Enter the command below to select the Netflow tag (#es:netflow). (In this example, the name es is used as a label to identify the Elasticsearch extension and its tags that point to the Netflow data index. The label is defined when adding the extension in the cfxdx configuration file or through the UI.)

tag #es:netflow

Example 1: Select three columns using the GET option from the Netflow tag.

Get the TCP protocol data from the Elasticsearch Netflow tag (#es:netflow) for the last 1 hour, select the three columns below, and ingest them into the dm:fixcolumns tag, which renames the columns by replacing the special character . (dot) with _ (underscore).

Source Columns:

  • flow.client.addr

  • flow.server.addr

  • flow.service.port

Output Columns (after replacing the special character . (dot) with _ (underscore)):

  • flow_client_addr

  • flow_server_addr

  • flow_service_port

data * get `flow.client.addr`,`flow.server.addr`,`flow.service.port` --> dm:fixcolumns
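The renaming rule described on this page, modelled in Python as an added example (this is not cfxdm's own code). It assumes that any character other than a letter, digit or underscore counts as "special", and it also flags the case where two source columns end up with the same fixed name; the function names and sample rows are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: "special" means anything other than letters, digits and underscore.
_SPECIAL = re.compile(r"[^0-9A-Za-z_]")
_EDGES = re.compile(r"^[^0-9A-Za-z_]+|[^0-9A-Za-z_]+$")


def fix_column(name):
    """Drop special characters at either end, replace inner ones with '_'."""
    return _SPECIAL.sub("_", _EDGES.sub("", name))


def plan_renames(columns):
    """Return (mapping, collisions) for a list of source column names.

    collisions maps a fixed name to every source column that produces it,
    so a silent overwrite of one field by another can be caught up front.
    """
    mapping = {c: fix_column(c) for c in columns}
    by_target = defaultdict(list)
    for src, dst in mapping.items():
        by_target[dst].append(src)
    collisions = {d: s for d, s in by_target.items() if len(s) > 1}
    return mapping, collisions


def rename_rows(rows):
    """Apply the fixed names to every row; refuse if two columns would merge."""
    columns = []
    for row in rows:
        for c in row:
            if c not in columns:
                columns.append(c)
    mapping, collisions = plan_renames(columns)
    if collisions:
        raise ValueError(f"column names collide after fixing: {collisions}")
    return [{mapping[k]: v for k, v in row.items()} for row in rows]


# Constructed sample row using the three Netflow columns from Example 1.
SAMPLE = [
    {"flow.client.addr": "10.0.0.5", "flow.server.addr": "10.0.1.9",
     "flow.service.port": 443},
]

if __name__ == "__main__":
    print(rename_rows(SAMPLE))
```
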
