Filter out beat.*

teamg · March 18, 2019, 9:27pm

I have no use for the beat.hostname, beat.name or beat.version fields and would like to filter them out. This filter does not work:

cat /etc/logstash/conf.d/input.conf

filter {
mutate { remove_field => [ "beat.name", "beat.version", "beat.hostname" ] }
}

Am I missing something?

Badger · March 18, 2019, 10:14pm

mutate { remove_field => [ "[beat][name]", "[beat][version]", "[beat][hostname]" ] }

teamg · March 18, 2019, 11:03pm

Thank you @Badger. That fixed my filter. Appreciate your time and expertise.

system · April 15, 2019, 11:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Modifying / using beats field in logstash filter Logstash	2	829	October 31, 2017
Mutate remove_field not working for JSON field Logstash	7	6998	July 6, 2017
Logstash filter help pleas Logstash	3	252	April 14, 2023
Problem in updating beat.hostname Logstash	2	1382	July 6, 2017
How to filter beat data by version on logstash? Logstash	3	629	August 22, 2020

cat /etc/logstash/conf.d/input.conf