That should be
if [app_risk][1] { mutate { remove_field => "[app_risk][0]" } }
Note that it will still be an array with a single member.