How to remove all the Host&Cloud fields added to Filebeats/Elasticsearch index?

houmie · November 14, 2020, 9:51am

Hello,

I finally got Filebeats/Elasticsearch/Kibana working.

However the stack seems to have injected a lot of cloud tags (e.g. cloud.account.id) and host tags (host.os.kernel) that has inflated the data and makes it hard to read. How can I remove them please?

Thank you,
Houman

wangqinghuan · November 14, 2020, 4:04pm

You could set drop_fields processor to drop field you dont need.

houmie · November 14, 2020, 5:12pm

Thanks, I actually ended up doing something more radical and commented them all out.

    #processors:
         #- add_host_metadata:
         #when.not.contains.tags: forwarded
      #- add_cloud_metadata: ~
      #- add_docker_metadata: ~
      #- add_kubernetes_metadata: ~

system · December 12, 2020, 7:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.