Hi,
I'm looking to blacklist 1000+ nested fields. I've read in another forum that it's not possible to use the prune filter for nested filters, but I can with a ruby filter. I wanted to know is there a way to blacklist with a ruby filter using a wildcard based on the first object field? e.g., if I had a field called "File.Type.Extension", could I create a ruby filter that could blacklist all fields that begins with File or essentially File*? Or could you provide me guidance based
"""
filter {
ruby {
code => "
def remove_fields(blacklist, event)
blacklist.each { |field| event.remove(field) }
end
blacklist = [
'[File]*'
]
remove_fields(blacklist, event)
"
}
}
"""