Can not remove "tags" field?

agrm · November 23, 2016, 9:54pm

I have the following pipe configuration (See bellow). It removes all additional fields except "tags". I am using the latest elasticsearch and logstash software. What could be wrong that it does not remove "tage"?

input
{
udp
{
port => 6789
codec => "json"
}
}

filter
{
if [CLIENT_DATA]
{
grok
{
match => { "@timestamp" => "%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day}T%{HOUR:hour}:%{MINUTE:minute}:%{SECOND:second}." }
}

 mutate
 {
    add_field => { "pc_received_date" => "%{year}-%{month}-%{day} %{hour}:%{minute}:%{second}" }

    add_field => { "pc_name" => "my_pc_name" }

    remove_field => [ "@version" , "tags" , "host" , "CLIENT_DATA" , "year" , "month" , "day" , "hour" , "minute" , "second" , "@timestamp"]
 }

}
else
{
drop {}
}
}

output
{
elasticsearch
{
hosts => ["localhost:9200"]
codec => "json"
}

stdout { codec => rubydebug }

}

system · December 21, 2016, 9:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Remove "tags" field not possible? Logstash	1	550	February 5, 2017
Logstash 5.0.2 not removing tags field Logstash	5	1433	December 30, 2016
Tags filed added by logstash Logstash	1	514	December 27, 2016
Can't remove fields in logstash 5.2.2 Logstash	5	805	April 12, 2017
Remove a field from logstash Logstash	1	513	August 8, 2017

Can not remove "tags" field?

stdout { codec => rubydebug }

Related topics