Hi,
I am using filebeat to ship logs to logstash, and creating index. Now while visualising logs from kibana there are many unwanted fields i am seeing like agent.id, cloud.account.id. I want to remove all the fields. I want to see only message agent.hostname.
i tried using remove_field which specified here
filter {
mutate {
remove_field => [ "agent.%{somefield}" ]
}
}
but still i see fields in the kibana dashboard.
Hi,
In the documentation you can find :
If the event has field "somefield" == "hello" this filter, on success, would remove the field with name "foo_hello" if it is present.If the field somefield do not exist, no field will be deleted.
In your case, something like this would be enough.
filter {
mutate {
remove_field => [ "agent.id", "cloud.account.id" ]
}
}
Cad.
Thank you.
I tried with agent.id. Still seeing this values in kibana.
I have restarted logstatsh after modifying conf file.
You might want try a prune filter with the blacklist_names option.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.