Mysterious 'offset' and 'count' fields

CraigFoote · May 2, 2016, 4:34pm

I'm getting these two fields in my data but I don't know where they're coming from. Are they put there by filebeat? How can I get rid of them?

whyapenny · May 2, 2016, 4:55pm

are you sending to logstash or straight to elasticsearch? if logstash, just use mutate filter to drop the fields if not needed.

CraigFoote · May 2, 2016, 5:13pm

Ok, I can do that. Do you know where they're coming from though?

steffens · May 2, 2016, 5:18pm

I think the count field has been removed in more recent version (at least v5 alpha1 I think).

The offset field is the byte offset into the file the line has been read from.

Topic		Replies	Views
Regarding Filebeat Offset Value Beats filebeat	9	14237	April 24, 2017
Disable field "count" in filebeat output Beats filebeat	3	1218	July 5, 2017
Data are cut into logstash Logstash	2	671	June 26, 2017
Filebeat and data.json file, field meaning and service tunning Elasticsearch	1	1133	August 20, 2020
Filebeat 7.14.0 filestream input field log.offset is character count of the line Beats filebeat	5	1283	September 29, 2021