How to get rid of new field?

sunilmchaudhari · April 15, 2016, 11:30am

Hi,
I have created eventLogTime field in logstash indexer and assign timestamp form the log. I have provided list of timestamp while doing this. Now the problem is when we are adding applications in centralized logging, some systems have timestamps which are not in the list provided in indexer.
Then it gives error (grokeparsefailure). Due to this I have decided to remove this filter, as its of less importance.

After commenting out this filer, I can still see eventLogTime field for new logs on Kibana?
I hope it should not be there for new logs.

br,
Sunil

warkolm · April 16, 2016, 8:31pm

Use mutate + remove_field - https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html#plugins-filters-mutate-remove_field

sunilmchaudhari · April 19, 2016, 6:38am

Hi,
But I think this will work for current documents which are getting stored.
It saying evenLogTIme is conflicting across indexes. How to solve this? How to get those indexes in which eventLogTime field has conflicting data type?

br,
Sunil

warkolm · April 19, 2016, 7:21am

No, you need to reindex.

sunilmchaudhari · April 19, 2016, 7:43am

Hi,

Re-indexing after remove field?
Re-indexing for new as well as old indexes? or only old indexes?
Any guideline/documentation?

br,
Sunil

warkolm · April 19, 2016, 8:11am

If there are old documents that need changing, they need to be reindexed.
New ones just need the new mutate applied.

Topic		Replies	Views
Should I remove my original time stamp field in favor of @timestamp? Elasticsearch	1	1684	April 6, 2017
Unable to remove "timestamp" field (not "@timestamp"!) Logstash	2	252	September 14, 2021
How to remove field with logstash5.0.2? Logstash	3	791	January 4, 2017
Delete fields in events Logstash	3	464	May 18, 2017
Need help how to remove unwanted fields logstash Logstash	2	995	May 11, 2022

How to get rid of new field?

Related topics