Correct way to remove unnecessary fields from filebeat

sfenman · July 1, 2020, 8:53am

Hello,

I send different types of logs from filebeat directly to ES and I have noticed in kibana discover tab that my some logs have empty fields which they are used by other log entries. For example, my production log entries have fields like :

    aws.cloudtrail.user_identity.session_context.creation_date  
    cef.extensions.fileCreateTime

which as I can understand are,module fields, but I never activated those modules.
Can you suggest me the correct way to drop them, or to disable from being generated?

sfenman · July 23, 2020, 7:19am

Update on this: Filebeat puts those module fields in all of my log files even from different filebeat agents installed in different instances. All those fields are empty though.

system · August 20, 2020, 9:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to delete field in filebeat7.8.0 Beats filebeat	7	575	June 4, 2022
Filebeat (6.5.4) modules how to remove unused fields Beats filebeat	3	1108	April 11, 2019
How to remove certain Filebeat output fields Beats filebeat	3	8688	June 29, 2017
Is it possible to avoid unwanted log fields in Filebeat? Beats filebeat	2	549	March 9, 2017
How to remove empty fields from filebeat-8.15.1 Beats filebeat	3	43	October 25, 2024

Correct way to remove unnecessary fields from filebeat

Related topics