Hi,
I'm trying to apply some naming validation to each field that passes through Logstash, to match some predefined naming convention using regex.
Assuming that I can distinguish within Logstash which field is eligible to be indexed or not, is it possible to somehow hint elasticsearch to not index them? without changing the field's name.
Thanks,
Typically, if you send a field to elasticsearch then it will get indexed. If you do not want to index the field either remove it from the event, or disable dynamic mapping, and create all your fields using a template in elasticsearch.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.