How to whitelist a hunreds nested field

I plan to whitelist around 600 fields from 3000 fields in my index pattern but how do I do it?

if I use mutate rename and then use mutate remove to delete the rest of it. it will put so much work into it. I wonder if there is a way to list the fields inside a file and use a ruby filter to check it and remove all fields except the fields inside the file.

but the question is, is it possible? or is there an efficient way to achieve it?


this is my sample data


how if I want to whitelist

  • request.headers.accept
  • request.headers.api_key
  • request.querystring.type
  • response.headers.access
  • all fields under kubernetes


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.