Can I save the fields that I only want?

lilyyy · April 11, 2023, 10:57am

Hello all.
I collect the network packet data through the 'tshark' and then the packet is filtered through logstash.
But there are a lot of fields in packet data so when I see data in the elasticsearch, there are a lot of fields those are not need to use.

I only need timestamp, ip, port, http response. How to remove the other fields?

(I used elasticsearch mapping in dev tools(kibana) but all the fields are still appear.)

Thank you.

TimBosman · April 11, 2023, 1:47pm

Hey,

I think you are looking for the Logstash Pruning filter.

Tim

lilyyy · April 13, 2023, 1:29pm

It worked for me!
Thank you so much.

Topic		Replies	Views
Elasticsearch output filter Logstash	2	396	December 9, 2016
How to write only specific fields to elasticsearch from logstash Logstash	5	11305	July 6, 2017
Add filter to send specific fields to elasticsearch Logstash	12	1815	March 12, 2019
Get only specific fields from a data file Logstash	3	571	September 16, 2019
Remove unnecessary fields in ElasticSearch Logstash	11	5875	July 6, 2017

Can I save the fields that I only want?

Related topics