Prune filter - Whitelist JSON subfields & per-pipeline log file

stillfreem · December 9, 2021, 7:53am

Hi All,

I've got a couple of questions!

Can I whitelist only certain field from JSON using Prune? I saw similar topics suggesting ruby but wanted to avoid this as its a bit too complicated for me.
For instance I'd like to whitelist LogData.Tracepoint (check below picture)
I'm going to need this as I'm planning to get this field into Sentinel using the log analytics output plugin.

Below picture is my output

in logstash.yml when I set the pipeline.separate_logs: to true, do I need to create a log file or such is being automatically generated getting the name from the config file for that particular pipeline?

Badger · December 9, 2021, 3:42pm

prune only works on top-level fields.

log4j2 will create the log files, you do not need to do it.

stillfreem · December 10, 2021, 11:49am

Thank you very much @Badger

system · January 7, 2022, 11:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Prune filter does not work with whitelist but it does with blacklist Logstash	2	238	December 7, 2023
[SOLVED]Prune Filter Question Logstash	8	1813	August 28, 2019
Prune filter plugin - How whitelist a nested field? Logstash	4	2416	December 15, 2020
Filtering json fields to be outputted by logstash Logstash	3	2989	August 9, 2017
Looking for a way to prune fields with certain text in them but struggling with the prune filter and regex Logstash	2	1012	November 28, 2018