I am ingesting data to elasticsearch using logstash and my indexes are created every month(sample-%{+YYYY.MM}).
sample-2018.04 and sample-2018.05 indexes have unwanted fields(nearly 8000 fields). Now, I've corrected my mistake in sample-2018.06(only 120 fields). But when I search in Index Patterns in Kibana, it still shows 8000 fields. So can someone please say,
If there is a way to delete fields in elasticsearch?
If I delete the old indexes, then I would only see 120 fields?
Having 8000 fields would definitely effect elasticsearch index performance which I am already experiencing. Please shed some light on this issue.
So, I am using kv filter without whitelisting the fields and the events somehow have payload in it which got splitted into dynamic key-value pairs. Now, I've included fields to be included as part of kv filter which would only give required fields.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
Thanks