Logstash remove after split

tamilarasanbravo · November 25, 2020, 7:12am

Hi Team,

I have configured a logstash http which receives JSON data. As part of the logstash filter I split a json field/value of array into 5 different key values. i.e.,

original Field

commits : { author : TJ
email: tj@email.com
added: adding details
modified: asadasd
}

Got modified into

commits.author: tj
commits.email : tj@email.com
commits.added : adding detail
commits.modified : asasas

Now, after it got split using split filter I am trying to delete (commits.modified) but I am unable to do so.

Pasting my current filter for further reference.

filter {
    split { field => "commits" }
    mutate { remove_field => [ "[commits.modified]" ] }
}

Looking forward to any help.

Regards
TJ

Badger · November 25, 2020, 1:45pm

If [modified] is a field inside the [commits] object then in logstash that would be referred to as [commits][modified]. [commits.modified] would refer to a field that contains a period in its name.

If [commits] is a hash then I would expect split to log an error. It operates on arrays and strings, not hashes.

Topic		Replies	Views
Remove objects in arrays Logstash	2	484	November 28, 2018
Logstash, split field and remove field Logstash	4	902	April 27, 2020
Splitフィルターで分割したルートのフィールド名を削除する方法日本語による質問・議論はこちら	3	751	December 10, 2021
Split json Logstash	2	256	April 22, 2020
Deleting array fields logstash Logstash	7	356	February 26, 2024

Logstash remove after split

Related topics