Logstash remove unwanted fields

saikrishnagaddipati · January 24, 2018, 6:13am

I am using logstaah 5.6.4
I am trying to parse the below message field in logstash and add a field "error_code" but logstash adds all the fields(bytes, syslog_hostname, method, method2). How to configure logstash to stop adding the unwanted fields?
message: 1332414 Backup hgnmowi88-ben Done 0 16142082 idk-dev-db Prod-Differential hqidwinfmd03-ben

and my logstash confi is below

if [type] == "hostup" {
grok {
match => { "message" => "%{NUMBER:bytes}\s*%{WORD:method}\s*%{SYSLOGHOST:syslog_hostname}\s*%{WORD:method2}\s*%{INT:number}\s*%{INT:number2}\s*%{USERNAME:user_id}\s*%{SYSLOGHOST:syslog_hostname2}"}
add_field => { "error_code" => "%{number}"}
}
}

magnusbaeck · January 25, 2018, 9:08pm

To match and capture into a field use %{PATTERN:field}. To match without capturing into a field use %{PATTERN}.

add_field => { "error_code" => "%{number}"}

Remove this line and replace %{INT:number} with %{INT:error_code}.

system · February 22, 2018, 9:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extract string from message field kibana Kibana	5	9367	February 21, 2018
Remove logstash automatic fields Logstash	3	491	July 6, 2017
Can't remove fields in logstash 5.2.2 Logstash	5	805	April 12, 2017
Best way to add a field if the field contatins a specific string Logstash	2	542	July 6, 2017
Elastic Json parse into logstash Logstash	30	1201	November 22, 2018

Logstash remove unwanted fields

Related topics