How to remove a field

sampasei · January 21, 2016, 9:41am

Hi all,
i have a log (txt) file like this one:

#fields    ts    proto    trans_id    test    test2
1453139999.678755    udp    43124    - -

Each field is tab separated. Using a grock filter i can take the field values, but i'm not able to remove a field if its value is equal to "-" (like test and test2 in the example above).
How can i do this?
thanks

magnusbaeck · January 21, 2016, 6:48pm

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html

filter {
  if [name-of-field] == "-" {
    mutate {
      remove_field => ["name-of-field"]
    }
  }
}

Topic		Replies	Views
Unable to remove the field Logstash	2	690	July 6, 2017
How to remove field with logstash5.0.2? Logstash	3	813	January 4, 2017
How to remove fields with - values in logstash filter? Logstash	5	2136	January 3, 2022
Remove a value in grok filter Logstash	9	2909	July 6, 2017
Delete fields in events Logstash	3	482	May 18, 2017

How to remove a field

Related topics