I want to ingest JSON PE file data that has 40+ fields w/nested fields. I only want the first few fields. Is there a way to either drop the unwanted fields or can I explicitly state which fields I want?
I want to ingest JSON PE file data that has 40+ fields w/nested fields. I only want the first few fields. Is there a way to either drop the unwanted fields or can I explicitly state which fields I want?
To filter top-level fields you can use a prune filter with whitelist_names.
Thanks Badger.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.