Cannot remove "Type" field added with Logstash

a.sailor · March 6, 2019, 8:31am

Hello ELK gurus,
i'm completing my company's cluster configuration but now i have one big issue.

I have grok patterns configured like this:

grok {
  #portal.redirector-access
   match => { "message" => "%{DATA:faceserver} %{DATA:portal}: %{DATA:app_portal} %{IP:ip} - - - %{NUMBER:response} %{GREEDYDATA:request} %{NUMBER:ask1} \"%{GREEDYDATA:url}\"" }
   add_field => {
   "type" => "portal.redirector-access"
    }
}

Even if i remove the "add_field" lines, i still have logs coming in ES with type attached.
I also tried:

mutate {
   remove_field => ["type"]
}

... but doesn't work either.
Any suggestions ? Am i missing something ?

Thanks a lot!

system · April 3, 2019, 8:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can not remove "tags" field? Logstash	1	2364	December 21, 2016
Can't remove fields in logstash 5.2.2 Logstash	5	805	April 12, 2017
ELK 5.4 - LS reverts to automatic mapping when 'type' field is removed or renamed - ultimate :-) Logstash	17	1115	July 11, 2017
Remove a field from logstash Logstash	1	513	August 8, 2017
Remove_field for "type" is not working Logstash	1	535	October 31, 2017

Cannot remove "Type" field added with Logstash

Related topics