Remove a field from logstash

baha1 · July 11, 2017, 3:10pm

Hi there,
I am using logStash to index log file in ElasticSearch.I get this result:

{
_index: "errors",
_type: "error",
_id: "AV0sjSUzkDeT3TJ69hAm",
_score: 1,
_source: {
date: "16:54:46,235",
path: "c:/logstash.log",
@timestamp: "2017-07-10T12:50:33.720Z",
level: "ERROR",
@version: "1",
host: "HosteName",
message: "[stderr] (ServerService Thread Pool -- 42) at org.slf4j.LoggerFactory.performInitialization(LoggerFactory.java:111)"
}}

My question is how to remove or rename the field @timestamp and @version.
This is my pipeline.conf for more detail:

input {
        file {
        path => "c:/logstash.log"
        start_position => "beginning"
        sincedb_path => "/dev/null"
        codec => multiline {
        pattern => "^%{TIME}"
        negate => true
        what => previous
   } }}
filter {
grok{
	  match => { "message" => "%{TIME:date} %{LOGLEVEL:level} %{GREEDYDATA:message}" }
    remove_tag => ["_grokparsefailure"]
    remove_tag => ["multiline"]
    overwrite => ["message"]
}}
output {
if	"ERROR" in [level]
{
elasticsearch {
  hosts=>"localhost:9200"
  index => "errors"
  document_type => "error"
  } }
stdout { codec => rubydebug }
}

Any help is greatly appreciate.

system · August 8, 2017, 3:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.