Is it possible to avoid unwanted log fields in Filebeat?

elasticheart · February 9, 2017, 12:01pm

Hi,

I am using Filebeat GA 5.0.0. I have log files having entries like;

<Jan 16, 2017 9:35:11 AM GMT> <field_a> <field_b> <field_c> <field_d> <field_e> <field_f> <field_g> <field_h> <field_i> <field_j> <field_k>

I dont want to populate fields <field_c>, <field_d>, <field_e> and <field_f> in my elasticsearch. Currently, I am achieving this at Logstash, using grok and mutate. Is it possible to do this in FIlebeat, so that Filebeat removes these unwanted entries before shipping?

Thanks in advance.

andrewkroh · February 9, 2017, 1:47pm

No, this is not possible.

It would only be possible if the logs were structured as JSON then you could parse them in Filebeat and drop_fields. But you need grok.

system · March 9, 2017, 1:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Correct way to remove unnecessary fields from filebeat Beats filebeat	2	979	August 20, 2020
How to prevent adding extra fields by filebeat to the actual log records Beats filebeat	4	833	September 6, 2018
Remove unwanted fields Logstash	9	762	May 29, 2019
Help: How to filter unwanted metadata and fields from filebeats Kibana	7	1368	October 8, 2020
Parsing typical logback log lines Beats filebeat	2	977	February 27, 2018

Is it possible to avoid unwanted log fields in Filebeat?

Related Topics