Is it possible to avoid unwanted log fields in Filebeat?

elasticheart · February 9, 2017, 12:01pm

Hi,

I am using Filebeat GA 5.0.0. I have log files having entries like;

<Jan 16, 2017 9:35:11 AM GMT> <field_a> <field_b> <field_c> <field_d> <field_e> <field_f> <field_g> <field_h> <field_i> <field_j> <field_k>

I dont want to populate fields <field_c>, <field_d>, <field_e> and <field_f> in my elasticsearch. Currently, I am achieving this at Logstash, using grok and mutate. Is it possible to do this in FIlebeat, so that Filebeat removes these unwanted entries before shipping?

Thanks in advance.

andrewkroh · February 9, 2017, 1:47pm

No, this is not possible.

It would only be possible if the logs were structured as JSON then you could parse them in Filebeat and drop_fields. But you need grok.

system · March 9, 2017, 1:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Correct way to remove unnecessary fields from filebeat Beats filebeat	2	980	August 20, 2020
How to prevent adding extra fields by filebeat to the actual log records Beats filebeat	4	836	September 6, 2018
How to remove certain Filebeat output fields Beats filebeat	3	8688	June 29, 2017
Remove unwanted fields Logstash	9	762	May 29, 2019
Adding fields containg a log-level? Beats filebeat	7	2266	September 1, 2016

Is it possible to avoid unwanted log fields in Filebeat?

Related topics