Logstash filter target操作之后remove_field无法删除子字段

hjfeng1988 · July 11, 2018, 6:56am

        grok {
            match => { "message" => "%{HTTPD_COMBINEDLOG}" }
            remove_field => [ "message" ]
        }
        useragent {
            source => "agent"
            target => "ua"
            remove_field => [ "agent" ]
            remove_field => [ "ua.patch" ]
            remove_field => [ "ua.build" ]
        }

配置如上，agent字段删除成功，但是ua.patch和ua.build删除失败，谁知道什么原因请告诉我，谢谢。

hjfeng1988 · July 11, 2018, 7:12am

        grok {
            match => { "message" => "%{HTTPD_COMBINEDLOG}" }
            remove_field => [ "message" ]
        }
        useragent {
            source => "agent"
            target => "ua"
            remove_field => [ "agent","[ua][patch]" ]
            remove_field => [ "[ua][build]" ]
        }

remove_field => [ "agent","[ua][patch]","[ua][build]" ]建议写成一行
修改成如下。

system · August 8, 2018, 7:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Why there's no agent field available once used %{COMBINEDAPACHELOG} in ELK Stack 7.1 Logstash	3	378	July 19, 2019
How to rename fields Logstash	4	2369	September 12, 2017
Remove field after parsing json Logstash	3	1014	April 14, 2022
How to remove the fields Logstash	4	810	December 29, 2021
Removing fields from logstash Logstash	67	1881	October 6, 2023

Logstash filter target操作之后remove_field无法删除子字段

Related topics