How to whitelist hundreds of nested fields

I plan to whitelist around 600 fields from 3000 fields in my index pattern but how do I do it?

If I use mutate rename and then use mutate remove to delete the rest of it, it will put so much work into it. I wonder if there is a way to list the fields inside a file and use a ruby filter to check it and remove all fields except the fields inside the file.

But the question is, is it possible? Or is there an efficient way to achieve it?

Thanks

This is my sample data:

{"response_string":"200","tries":{"port":"980","ip":"10.10.10.1","code":"kuli","state":"lelah"},"request":{"url":"http://wakwaw.com?ciwawaw","headers":{"accept":"accepted","x-tray":"xxxyyyzzz","consumer":"ichigo","mashery-header":"crabs","forwarded-port":"thousand-year_blood-war","api_key":"hcsduchsuiueq"},"querystring":{"type":"string","url":"xxx","channel":"001","message":"wkwkwkwk","api_key":"qowqidopiqw"}},"response":{"headers":{"accept":"Confirmed","cache":"exist","access":"granted"}},"kubernetes":{"host":"asoe","namespace":"jancuk","labels":{"app":"ortodox","deploy":"cloud"}}}

What if I want to whitelist:

  • request.headers.accept
  • request.headers.api_key
  • request.querystring.channel
  • request.querystring.type
  • response.headers.access
  • all fields under kubernetes

Thanks
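One way to implement the idea in the post (a file of dotted field paths, checked by Ruby code that drops everything else), as an added example that is not part of the original post and not Logstash's own code. The function names, the whitelist file format and the shortened sample event are assumptions; field names that themselves contain a dot are not handled.

```ruby
require 'json'

# Constructed whitelist file content, one dotted path per line (from the post's list).
WHITELIST_TEXT = <<~LIST
  request.headers.accept
  request.headers.api_key
  request.querystring.channel
  request.querystring.type
  response.headers.access
  kubernetes   # a path naming an object keeps its whole subtree
LIST

# Shortened from the sample event in the post.
SAMPLE_JSON = '{"response_string":"200","tries":{"port":"980"},' \
  '"request":{"url":"http://wakwaw.com?ciwawaw","headers":{"accept":"accepted",' \
  '"x-tray":"xxxyyyzzz","api_key":"hcsduchsuiueq"},' \
  '"querystring":{"type":"string","url":"xxx","channel":"001"}},' \
  '"response":{"headers":{"accept":"Confirmed","access":"granted"}},' \
  '"kubernetes":{"host":"asoe","labels":{"app":"ortodox","deploy":"cloud"}}}'

# Turn the whitelist text into a trie; a `true` leaf means "keep everything here".
def build_whitelist(text)
  text.each_line.with_object({}) do |line, trie|
    keys = line.sub(/#.*/, '').strip.split('.')
    next if keys.empty?
    node = trie
    keys[0..-2].each do |key|
      # A shorter path already keeps this whole subtree: nothing more to record.
      node = node[key] == true ? nil : (node[key] ||= {})
      break if node.nil?
    end
    node[keys.last] = true if node
  end
end

# Return a copy of `data` holding only whitelisted paths, or nil if nothing survives.
def prune(data, rule)
  return data if rule == true
  return nil unless data.is_a?(Hash)
  kept = data.each_with_object({}) do |(key, value), out|
    next unless rule.key?(key)
    child = prune(value, rule[key])
    out[key] = child unless child.nil?
  end
  kept.empty? ? nil : kept
end

puts JSON.pretty_generate(prune(JSON.parse(SAMPLE_JSON), build_whitelist(WHITELIST_TEXT)) || {})
```

Because the trie is built once, each event costs one walk over its own fields regardless of how many paths the whitelist holds. Inside a Logstash ruby filter the same functions would be applied to the event's hash, with `@timestamp` and any other fields the pipeline needs added to the list.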
