Filebeat not filtering data according to fields in decode_json_fields

akshaygawali · January 18, 2019, 9:37pm

In my filebeat configuration, I am trying pass json file to filebeat and want specific fields in the json to filtered and passed to elasticsearch. I am not using logstash. Below is my filebeat config:

- type: log
  paths:
     - /var/log/test4*.json
  json.keys_under_root: true
  json.add_error_key: true
  processors:
    - decode_json_fields:
        fields: ["header"]
        process_array: false
         max_depth: 1

Example of my json file:

{"header1": "nissan"},
{"header": "mazda"},
{"header": "honda","cars":[ "civic", "accord", "clarity" ] }

I would like only the following to sent to Elasticsearch.

{"header": "mazda"},
{"header": "honda"}

system · February 15, 2019, 9:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Nested JSON parsing issues Beats filebeat	9	1603	February 28, 2020
How to fetch all the fields in decode_json_fields instead of specifying all the fields inside Beats filebeat	4	605	February 11, 2020
Sending JSON to Elasticsearch Beats filebeat	2	348	October 20, 2018
Filebeat processors decode_json_fields with condition not working Beats filebeat	1	433	March 4, 2020
Filebeat decode_json_fields isn't parssing arrays Beats filebeat	3	657	November 26, 2019

Filebeat not filtering data according to fields in decode_json_fields

Related topics