Http filter leaves fields, that are inserted to elasticsearch

MMH · September 20, 2019, 5:28pm

Basically my pipeline looks like this:

input {
    (...) #some input
}
filter {
    http {
        (...) #http request
    }
}
output{
    elasticsearch{
        (...)
        action => "update"
        doc_as_upsert => true
    }
}

I need http filter to do a particular HTTP request. But nothing more in http filter, I am not reading data back.
Usage of that filter unwanted result is, that fields produced by http filter are being inserted into ELS document which is updated. For example: headers, body, @version, @timestamp, ...
I tried to use mutate with remove_field to get rid of those unnecessary fields, which work for
headers and body, but I am left with fields like @version, @timestamp which I cannot remove (document will not be updated in ELS) but also do not want them in my document _source.
Is there a way to perform http filter without adding new fields to the event?

Badger · September 20, 2019, 5:39pm

@version and @timestamp are not added by the http filter. They are added to all events by logstash. If I recall correctly @timestamp is mandatory, elasticsearch requires it to be present. Not sure about @version.

MMH · September 20, 2019, 6:11pm

Yes, my mistake.
I would delete this topic, but I do not have permission to do so.

system · October 18, 2019, 6:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Remove header fields generated by http input plugin Logstash	2	5733	July 18, 2017
Delete a field in filter, but use it in output Logstash	8	7863	July 6, 2017
Is it possible to remove/work http headers? Logstash	1	785	July 6, 2017
Elasticsearch output filter Logstash	2	386	December 9, 2016
Remove fields from documents based on their value Logstash	8	4572	October 17, 2019

Http filter leaves fields, that are inserted to elasticsearch

Related topics