Filebeat didn't drop some of the fields

John_06 · May 21, 2017, 1:36am

I am trying to drop some not needed fields with Filebeat:

filebeat.yml:

filebeat.prospectors:

- input_type: log
  paths:
    - /var/log/app1.log
  fields:
    app_name: app1
  fields_under_root: true

processors:
 - drop_fields:
     fields: ["type", "beat.name", "beat.version", "_type", "_score", "_id", "@version", "offset"]

registry_file: /var/lib/filebeat/registry

output.logstash:
   ...

As of now, only beat.name, beat.version and offset fields have been dropped.
How can I drop other fields?

ruflin · May 22, 2017, 1:17pm

Be aware that not all these fields are generated by filebeat, but also some by elasticsearch as they are required for elasticsearch to work, for example all the _* fields. Others are probably added by Logstash.

system · June 19, 2017, 1:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certain fields in "drop_fields" are not dropped Beats filebeat	1	112	April 16, 2024
Filebeat drop_fields processors module does not work Beats filebeat	1	259	December 14, 2021
Drop multiple fields with regex on field names using filebeat Beats filebeat	5	2993	December 27, 2017
Drop fields generated by beats Logstash	2	567	June 7, 2019
The processors only filter part of message Beats filebeat	4	1343	January 1, 2018

Filebeat didn't drop some of the fields

Related topics