How to remove IP-address from elasticsearch submission after geoip parses it?

Our logs contain clients' IP-addresses, which we pass to the geoip-filter:

filter {
		geoip {
			source => "client_ip"
output {
		elasticsearch {
			hosts => ["...."]
			index => "logstash-%{+YYYY.MM.dd}"

This sends both -- the original client_ip field (found by a match) and the geographical information derived from it -- into ElasticSearch. However, we do not want to keep the IP-address around -- to save space and avoid tangling with Europe's "privacy" regulations. How do we exclude it?

Check out Mutate Filter remove_field:

1 Like

You can also remove it in the geoip filter .

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.