This was my index looks like in kibana.
I don't want so many fields below, so how can i delete/avoid those from my index.
Ex.: id, _score, version, beat info.
{
"_index": "test",
"_type": "testing",
"_id": "AVqK6n0wvKz7",
"_score": null,
"_source": {
"@timestamp": "2017-03-01T17:27:48.830Z",
"offset": 207,
"@version": "1",
"input_type": "log",
"beat": {
"hostname": "ip",
"name": "ipl",
"version": "5.0.2"
},
"host": "ipl",
"source": "/var/log/ambari.log",
"message": "ERROR [main] DBAccessorImpl:109 - Error while creating database accessororg.postgresql.util.PSQLException: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.",
"type": "error-log",
"tags": [
"ambari",
"beats_input_codec_plain_applied",
"_grokparsefailure"
]
},
"fields": {
"@timestamp": [
1488389268830
]
},
"sort": [
1488389268830
]
}
Note: Please encapsulate your code/console pasts within triple-backticks: ```. I've done this for you.
Removing them in ES is a full delete->reindex operation. Very doable, but perhaps not easy.
Really, the only things that actually come in your document are the things in _source. You can't eliminate the _index, _type, _id, and _source fields as they are ES metadata. _score is generated at search time, so it's not actually in your document.
@timestamp is necessary, and beat (and its sub keys) are used as identifiers, but can possibly be deleted. The others are perhaps up to you.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.