Can I save only the fields that I want?

Hello all.
I collect network packet data with 'tshark', and the packets are then filtered through Logstash.
But there are a lot of fields in the packet data, so when I look at the data in Elasticsearch, there are a lot of fields that I do not need.

I only need timestamp, IP, port, and HTTP response. How can I remove the other fields?

(I used an Elasticsearch mapping in Dev Tools (Kibana), but all the fields still appear.)

Thank you.

Hey,

I think you are looking for the Logstash Pruning filter.

Tim
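
A prune filter configuration for the four fields named in the question, as an added example that is not part of the original replies. The nested source paths and the flat field names (`src_ip`, `dst_port`, and so on) are assumptions about how the tshark output arrives in Logstash; adjust them to the field names in your own events.

```logstash
filter {
  # The prune filter only matches top-level field names, so values that
  # arrive nested must be copied to the top level before pruning.
  # Source paths below are hypothetical examples of nested tshark fields.
  mutate {
    copy => {
      "[layers][ip][ip_src]"               => "src_ip"
      "[layers][ip][ip_dst]"               => "dst_ip"
      "[layers][tcp][tcp_srcport]"         => "src_port"
      "[layers][tcp][tcp_dstport]"         => "dst_port"
      "[layers][http][http_response_code]" => "http_response_code"
    }
  }

  # Keep only fields whose names match one of these regular expressions.
  # Each pattern is anchored with ^ and $ so that "src_ip" does not also
  # keep a field such as "src_ip_raw". @timestamp must be listed explicitly,
  # otherwise it is pruned along with everything else.
  prune {
    whitelist_names => [
      "^@timestamp$",
      "^src_ip$",
      "^dst_ip$",
      "^src_port$",
      "^dst_port$",
      "^http_response_code$"
    ]
  }
}
```

An Elasticsearch mapping only controls how fields are indexed; the fields remain in the stored document, which is why they have to be removed in Logstash before the event is sent.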

It worked for me!
Thank you so much.
