Hi,
Actually I don't need following parameters in logstash geoip out put
geoip.city_name
geoip.continent_code
geoip.dma_code
geoip.ip
geoip.latitude
geoip.location.lat
geoip.location.lon
geoip.longitude
geoip.postal_code
geoip.region_code
geoip.region_name
geoip.timezone
I only need
geoip.country_code2
geoip.country_code3
geoip.country_name
how can i perform this in logstash filter{}
Thanks in adavcne!
Hi there,
you can either remove the unwanted fields, like:
filter {
mutate {
remove_field => [ "[geoip][city_name]", "[geoip][continent_code]" ...]
}
}
or saving the values you're interested in in another field, replace the geoip field with this new one, and then remove the new field like:
filter {
mutate {
copy => { "[geoip][city_name]" => "[new_geoip][city_name]" }
copy => { "[geoip][code1]" => "[new_geoip][code1]" }
copy => { "[new_geoip]" => "[geoip]" }
remove_field => [ "[new_geoip]" ]
}
}
Guess it depends on how many fields you want to keep out of how many they are in total.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.