Logstash remove after split

tamilarasanbravo · November 25, 2020, 7:12am

Hi Team,

I have configured a logstash http which receives JSON data. As part of the logstash filter I split a json field/value of array into 5 different key values. i.e.,

original Field

commits : { author : TJ
email: tj@email.com
added: adding details
modified: asadasd
}

Got modified into

commits.author: tj
commits.email : tj@email.com
commits.added : adding detail
commits.modified : asasas

Now, after it got split using split filter I am trying to delete (commits.modified) but I am unable to do so.

Pasting my current filter for further reference.

filter {
    split { field => "commits" }
    mutate { remove_field => [ "[commits.modified]" ] }
}

Looking forward to any help.

Regards
TJ

Badger · November 25, 2020, 1:45pm

If [modified] is a field inside the [commits] object then in logstash that would be referred to as [commits][modified]. [commits.modified] would refer to a field that contains a period in its name.

If [commits] is a hash then I would expect split to log an error. It operates on arrays and strings, not hashes.

system · December 23, 2020, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Remove objects in arrays Logstash	2	454	November 28, 2018
Split filter and add_field encoding object to a JSON string Logstash	8	306	August 24, 2023
Remove fields - plugin http_poller_plugin with json Logstash	2	375	February 11, 2022
Question on logstash removing field from json string and saving back to same field Logstash	3	1252	April 15, 2021
Logstash, split field and remove field Logstash	4	845	April 27, 2020

Logstash remove after split

Related topics