Hello ELK gurus,
i'm completing my company's cluster configuration but now i have one big issue.
I have grok patterns configured like this:
grok {
#portal.redirector-access
match => { "message" => "%{DATA:faceserver} %{DATA:portal}: %{DATA:app_portal} %{IP:ip} - - - %{NUMBER:response} %{GREEDYDATA:request} %{NUMBER:ask1} \"%{GREEDYDATA:url}\"" }
add_field => {
"type" => "portal.redirector-access"
}
}
Even if i remove the "add_field" lines, i still have logs coming in ES with type attached.
I also tried:
mutate {
remove_field => ["type"]
}
... but doesn't work either.
Any suggestions ? Am i missing something ?
Thanks a lot!