i remove field be by the below way, but it seems to remove all the event, what‘s the different when using remove_field between drop and grok?
remove all the event
work
work
If you read the docs, drop drops everything that gets to this filter -> https://www.elastic.co/guide/en/logstash/current/plugins-filters-drop.html
You can remove fields in any filter.
mutate {
remove_field => ["message"]
}ths, i miss it when i read the doc...
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.