Hi!
I'd like to remove inner filed "message"becouse its epmty.
How can i make this?
My rule:
if [message] == "" { drop { } }
But its not working.
Can anyone take advice for me?
I want to find problem with filebeat, why it sends to logstash empty message filed, or process it in logstash.
So what about this?
It could very well be because you have consecutive newlines in your logs. You can try filtering these in Logstash based on regular expression:
if [message] =~ /^$/ {
drop {}
}