Hi All,
I've got a couple of questions!
- Can I whitelist only certain field from JSON using Prune? I saw similar topics suggesting ruby but wanted to avoid this as its a bit too complicated for me.
For instance I'd like to whitelistLogData.Tracepoint
(check below picture)
I'm going to need this as I'm planning to get this field into Sentinel using the log analytics output plugin.
Below picture is my output
- in
logstash.yml
when I set thepipeline.separate_logs:
to true, do I need to create a log file or such is being automatically generated getting the name from the config file for that particular pipeline?