Filter out beat.*

teamg · March 18, 2019, 9:27pm

I have no use for the beat.hostname, beat.name or beat.version fields and would like to filter them out. This filter does not work:

cat /etc/logstash/conf.d/input.conf

filter {
mutate { remove_field => [ "beat.name", "beat.version", "beat.hostname" ] }
}

Am I missing something?

Badger · March 18, 2019, 10:14pm

mutate { remove_field => [ "[beat][name]", "[beat][version]", "[beat][hostname]" ] }

teamg · March 18, 2019, 11:03pm

Thank you @Badger. That fixed my filter. Appreciate your time and expertise.

system · April 15, 2019, 11:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Mutate remove_field not working for JSON field Logstash	7	6995	July 6, 2017
Logstash filter help pleas Logstash	3	252	April 14, 2023
How to filter beat data by version on logstash? Logstash	3	628	August 22, 2020
Collecting logs from filebeats at k8s to logstash, can't filter fields Logstash	5	21	August 16, 2024
Filter input data from Filebeat using logstash? Logstash	10	694	January 30, 2023

cat /etc/logstash/conf.d/input.conf