Mysterious 'offset' and 'count' fields

CraigFoote · May 2, 2016, 4:34pm

I'm getting these two fields in my data but I don't know where they're coming from. Are they put there by filebeat? How can I get rid of them?

whyapenny · May 2, 2016, 4:55pm

are you sending to logstash or straight to elasticsearch? if logstash, just use mutate filter to drop the fields if not needed.

CraigFoote · May 2, 2016, 5:13pm

Ok, I can do that. Do you know where they're coming from though?

steffens · May 2, 2016, 5:18pm

I think the count field has been removed in more recent version (at least v5 alpha1 I think).

The offset field is the byte offset into the file the line has been read from.

Topic		Replies	Views
Filebeat and data.json file, field meaning and service tunning Elasticsearch	1	1130	August 20, 2020
Filebeat 7.14.0 filestream input field log.offset is character count of the line Beats filebeat	5	1281	September 29, 2021
Just one unknown field - Filebeat json parsing Beats filebeat	5	1071	July 2, 2020
Filebeat missing files Beats filebeat	19	5453	October 11, 2016
Filebeat and parsing Beats	3	648	July 12, 2017