I want to remove nested elements from logs

Ayushi_bhardwaj · May 22, 2023, 6:58am

i want to remove nested elements from logs

"x": {
     "test": {
        "rulesetname": "eq",
        "operation": {
          "name": "diagnosticresult",
          "version": "235"
        },
        "device": "string",
        "rulesetversion": "16.0",
        "runtimes": {
          "ray": 22,
          "overall": 119,
          "output": 24,
          "dispatch": -1,
          "storeget": -1,
          "ruleset": 62,
          "storeput": -1
        },
        "destination": "string",
        "sync": false,
        "partnumber": "xxxx",
        "trackingid": "xxxxxx",
        "triggerreasons": "9 10 ",
        "cc": "229",
        "raystatus": "OK"
      },
      "k8s": {
        "clustername": "test1",
        "containername": "test2",
        "port": 32808,
        "workernode": "xyz
        "namespacename": "abc",
        "podname": "abccc"
      },
      "logmessagesizeinbytes": 538
    }                                                                }

we want to remove x.test & x.k8s we tried removing by using remove_field => ["[test][0]"]
but this does not work and we dont get the expected results. Could you please help with way to remove

Badger · May 22, 2023, 5:49pm

They are not arrays so the [0] is not needed. Try

mutate { remove_field => [ "[x][test]", "[x][k8s]" ] }

system · June 19, 2023, 5:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.