Hey guys, My name is Jacob and im using filebeat for our log collections with ELK stack.
ELK is amazing but we have a problem we have a lot of fields like "host.os.name" or "host.os.platform" that we don't need, How can I configure it?
Hey,
you can use the include_fields option in the processor section
https://www.elastic.co/guide/en/beats/filebeat/7.4/include-fields.html
Just add the fields you like and anything else will be gone.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.