How to get rid of new field?

sunilmchaudhari · April 15, 2016, 11:30am

Hi,
I have created eventLogTime field in logstash indexer and assign timestamp form the log. I have provided list of timestamp while doing this. Now the problem is when we are adding applications in centralized logging, some systems have timestamps which are not in the list provided in indexer.
Then it gives error (grokeparsefailure). Due to this I have decided to remove this filter, as its of less importance.

After commenting out this filer, I can still see eventLogTime field for new logs on Kibana?
I hope it should not be there for new logs.

br,
Sunil

warkolm · April 16, 2016, 8:31pm

Use mutate + remove_field - https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html#plugins-filters-mutate-remove_field

sunilmchaudhari · April 19, 2016, 6:38am

Hi,
But I think this will work for current documents which are getting stored.
It saying evenLogTIme is conflicting across indexes. How to solve this? How to get those indexes in which eventLogTime field has conflicting data type?

br,
Sunil

warkolm · April 19, 2016, 7:21am

No, you need to reindex.

sunilmchaudhari · April 19, 2016, 7:43am

Hi,

Re-indexing after remove field?
Re-indexing for new as well as old indexes? or only old indexes?
Any guideline/documentation?

br,
Sunil

warkolm · April 19, 2016, 8:11am

If there are old documents that need changing, they need to be reindexed.
New ones just need the new mutate applied.

Topic		Replies	Views
Should I remove my original time stamp field in favor of @timestamp? Elasticsearch	1	1683	April 6, 2017
Delete fields in events Logstash	3	464	May 18, 2017
Need help how to remove unwanted fields logstash Logstash	2	987	May 11, 2022
Remove _id, _index, _score, _type fields from index by logstash Logstash	4	1037	January 5, 2022
Remove unused fields from logstash-* index Elasticsearch	7	2919	January 26, 2018

How to get rid of new field?

Related Topics