Is it possible to avoid unwanted log fields in Filebeat?

elasticheart · February 9, 2017, 12:01pm

Hi,

I am using Filebeat GA 5.0.0. I have log files having entries like;

<Jan 16, 2017 9:35:11 AM GMT> <field_a> <field_b> <field_c> <field_d> <field_e> <field_f> <field_g> <field_h> <field_i> <field_j> <field_k>

I dont want to populate fields <field_c>, <field_d>, <field_e> and <field_f> in my elasticsearch. Currently, I am achieving this at Logstash, using grok and mutate. Is it possible to do this in FIlebeat, so that Filebeat removes these unwanted entries before shipping?

Thanks in advance.

andrewkroh · February 9, 2017, 1:47pm

No, this is not possible.

It would only be possible if the logs were structured as JSON then you could parse them in Filebeat and drop_fields. But you need grok.

system · March 9, 2017, 1:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.