Mysterious 'offset' and 'count' fields

I'm getting these two fields in my data but I don't know where they're coming from. Are they put there by Filebeat? How can I get rid of them?


Are you sending to Logstash or straight to Elasticsearch? If Logstash, just use the mutate filter to drop the fields if not needed.

Ok, I can do that. Do you know where they're coming from though?

I think the count field has been removed in more recent versions (at least v5 alpha1 I think).

The offset field is the byte offset into the file the line has been read from.
