Hello! I receive messages like this: "app_risk = 0 app_risk =2" or "app_risk = 0" After kv filter, I have field "app_risk": [ "0", "2"] or ["0"]. How I can delete the first element of array - "0", if app_risk[1] exist ? I try to do in filter if [app_risk [1]] == "1"{ mutate {remove_field => ["…

How I can delete element from array?

Badger October 30, 2019, 2:40pm 2

That should be

if [app_risk][1] { mutate { remove_field => "[app_risk][0]" } }

Note that it will still be an array with a single member.

Question elk

Topic		Replies	Views
How to cut and delete elements in a array with Logstash Logstash	6	4252	July 6, 2017
How to remove element value in array field Logstash	4	3033	March 29, 2018
Delete dictionary from array if one key is empty Logstash	3	154	February 26, 2024
Remove a field from an array based on another field's value Logstash	3	1572	June 20, 2017
Any sane way to filter/remove fields in an array such as [0], [1]? Logstash	1	238	August 5, 2021