Logstash filter target操作之后remove_field无法删除子字段

hjfeng1988 · July 11, 2018, 6:56am

        grok {
            match => { "message" => "%{HTTPD_COMBINEDLOG}" }
            remove_field => [ "message" ]
        }
        useragent {
            source => "agent"
            target => "ua"
            remove_field => [ "agent" ]
            remove_field => [ "ua.patch" ]
            remove_field => [ "ua.build" ]
        }

配置如上，agent字段删除成功，但是ua.patch和ua.build删除失败，谁知道什么原因请告诉我，谢谢。

hjfeng1988 · July 11, 2018, 7:12am

        grok {
            match => { "message" => "%{HTTPD_COMBINEDLOG}" }
            remove_field => [ "message" ]
        }
        useragent {
            source => "agent"
            target => "ua"
            remove_field => [ "agent","[ua][patch]" ]
            remove_field => [ "[ua][build]" ]
        }

remove_field => [ "agent","[ua][patch]","[ua][build]" ]建议写成一行
修改成如下。

system · August 8, 2018, 7:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.