How to remove all the Host&Cloud fields added to Filebeats/Elasticsearch index?

houmie · November 14, 2020, 9:51am

Hello,

I finally got Filebeats/Elasticsearch/Kibana working.

However the stack seems to have injected a lot of cloud tags (e.g. cloud.account.id) and host tags (host.os.kernel) that has inflated the data and makes it hard to read. How can I remove them please?

Thank you,
Houman

wangqinghuan · November 14, 2020, 4:04pm

You could set drop_fields processor to drop field you dont need.

houmie · November 14, 2020, 5:12pm

Thanks, I actually ended up doing something more radical and commented them all out.

    #processors:
         #- add_host_metadata:
         #when.not.contains.tags: forwarded
      #- add_cloud_metadata: ~
      #- add_docker_metadata: ~
      #- add_kubernetes_metadata: ~

system · December 12, 2020, 7:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Removing fields from Index Beats windows	5	1039	May 6, 2022
Drop_fields and the beats.name/.hostname/.version fields Beats metricbeat	6	1079	January 15, 2018
Disable 'Host' output field from filebeat Beats filebeat	4	2668	November 9, 2018
How to remove certain fields from filebeat index Beats filebeat	6	5762	August 27, 2020
Drop fields generated by beats Logstash	2	567	June 7, 2019

How to remove all the Host&Cloud fields added to Filebeats/Elasticsearch index?

Related topics