I'm using the dissect plugin to parse logs.
The log looks like this:
a b c d - f - h
The dissect is
%{f1} %{f2} %{f3} %{f4} %{f5} %{f6} %{f7}
So the "f4": -
I'm looking for a way to drop the field with a dash (-) from the event. Any suggestions for doing this? The dash means an empty value from my application so it can be ignored. I don't want Elasticsearch to store empty indexes.
Thanks // Hugo
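
One way to do what the post asks, as an added example that is not part of the original post: a Logstash pipeline fragment that keeps the dissect mapping exactly as posted and follows it with a ruby filter that removes every top-level field whose whole value is a single dash. It assumes the raw line is in the `message` field and that "-" never occurs as a real value.

```logstash
filter {
  # Mapping copied from the post; "message" as the source field is an assumption.
  dissect {
    mapping => {
      "message" => "%{f1} %{f2} %{f3} %{f4} %{f5} %{f6} %{f7}"
    }
  }

  # Remove any top-level field whose entire value is "-".
  # event.to_hash returns a copy, so removing fields from the event
  # while iterating over that copy is safe.
  # Non-string fields such as @timestamp never compare equal to "-",
  # so they are left untouched.
  ruby {
    code => '
      event.to_hash.each do |name, value|
        event.remove(name) if value == "-"
      end
    '
  }
}
```

Only an exact "-" is removed: a field that holds a dash plus other text, such as the last dissect field when it absorbs the remainder of the line, is kept as is.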