Working on my logstash.conf grok statement.
It seems the part that is not working is the final bit that says:
if [tags] == [] {
mutate {
remove_field => ["tags"]
}
}
This is logstash 6.3.
Any idea where I've gone wrong. It works in 5.4 which is what I am upgrading.
That no longer works in LS 6. You can do it in ruby if having an empty array in your document offends you.
ruby {
code => '
if event.get("tags") == []
event.remove("tags")
end
'
}© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.