How can i remove field?

Mykolaichenko · February 4, 2016, 2:34pm

Hi!
I'd like to remove inner filed "message"becouse its epmty.
How can i make this?
My rule:

if [message] == "" { drop { } }

But its not working.
Can anyone take advice for me?

Mykolaichenko · February 6, 2016, 8:53pm

I want to find problem with filebeat, why it sends to logstash empty message filed, or process it in logstash.
So what about this?

Christian_Dahlqvist · February 7, 2016, 7:22am

It could very well be because you have consecutive newlines in your logs. You can try filtering these in Logstash based on regular expression:

if [message] =~ /^$/ {
    drop {}
}

Topic		Replies	Views
How to remove a field Logstash	2	428	July 6, 2017
Logstash if message is empty, drop the entire row Logstash	10	7636	April 3, 2020
Exclude log messages in logstash Logstash	8	1937	February 8, 2023
Filebeat Logstash CSV filter best practices Beats filebeat	3	883	March 15, 2020
Filebeat fields error.message disable/remove from Table Beats	2	308	April 9, 2020