How to remove a field

sampasei · January 21, 2016, 9:41am

Hi all,
i have a log (txt) file like this one:

#fields    ts    proto    trans_id    test    test2
1453139999.678755    udp    43124    - -

Each field is tab separated. Using a grock filter i can take the field values, but i'm not able to remove a field if its value is equal to "-" (like test and test2 in the example above).
How can i do this?
thanks

magnusbaeck · January 21, 2016, 6:48pm

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html

filter {
  if [name-of-field] == "-" {
    mutate {
      remove_field => ["name-of-field"]
    }
  }
}

Topic		Replies	Views
How to remove fields with - values in logstash filter? Logstash	5	2050	January 3, 2022
Unable to remove the field Logstash	2	675	July 6, 2017
Can't remove fields in logstash 5.2.2 Logstash	5	805	April 12, 2017
Remove a field from logstash Logstash	1	513	August 8, 2017
How can i remove field? Logstash	3	633	July 6, 2017

How to remove a field

Related topics