I am using the json filter in my logstash processing and i would like to remove some of the json fields that get parsed. I am unable to figure out what the format should be.
Here is my json { "cookies" : {"x" : 1, "more-cookies" : {"y" : 0, "z":0} } }
I understand that there are two ways to remove this - 1. In the json filter itself and the other in the mutate filter. But neither of the two are working for me.
filter {
grok {
.....
}
json {
source => "json-message"
remove_fields => ["y"]
}
}
I have tried the mutate with this as well like so
filter {
grok {
.....
}
json {
source => "json-message"
remove_fields => ["y"]
}
mutate {
remove_fields => ["cookies.more-cookies.y"]
}
But this does not work as well.
How does one remove a nested field when using the json filter in logstash. Any help is very appreciated.
Thanks