Hello,
How can I remove children fields with a specific prefix at the end of a Logstash pipeline?
parent.level2.level3.removewiththisprefix_1, parent.level2.level3.removewiththisprefix_2,... parent.level2.level3.removewiththisprefix_X
I have tried with the mutate filter, but it doesn't recognize regexp:
    filter {
      mutate {
        remove_field => [ "parent.level2.level3.removewiththisprefix_*", "removewiththisprefix_*" ]
      }
    }
I have also tried with a custom ruby block, but what path should I use in order to reach the children?
    ruby {
      code => '
        event.to_hash.each { |k, v|
          if event.get(k).start_with?("removewiththisprefix_")
            event.remove(k)
          end
        }
      '
    }
The suffixes of those fields are unpredictable, which is why I need to rely on the prefix. There can be a lot of them, so they have to go away before the document is written to the index. Any steady suggestion is welcome!
Regards
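
The following is an added example, not part of the original post: a plain-Ruby sketch of removing fields by key prefix at any nesting depth, matching on key names and building Logstash field references of the form `[parent][level2][level3][name]`. The sample event and the helpers `prefixed_field_refs`, `remove_ref!` and `prune` are hypothetical names constructed for illustration; the closing comment assumes `event.to_hash` returns nested Hashes for object fields.

```ruby
# Added example (not from the original post). Plain Ruby, runs outside Logstash.
PREFIX = "removewiththisprefix_"

# Constructed sample event mirroring the field layout in the question.
def sample_event
  {
    "parent" => { "level2" => { "level3" => {
      "removewiththisprefix_1"   => "a",
      "removewiththisprefix_xyz" => "b",
      "keep_me"                  => "c"
    } } },
    "removewiththisprefix_top" => "d",
    "message" => "removewiththisprefix_ inside a value is not a key match"
  }
end

# Return Logstash-style field references ("[a][b][c]") for every key that
# starts with `prefix`, at any depth. Matching is on key names, not values.
def prefixed_field_refs(node, prefix, path = "")
  return [] unless node.is_a?(Hash)
  node.flat_map do |key, value|
    ref = "#{path}[#{key}]"
    # A matching key is removed with its whole subtree, so do not descend into it.
    key.to_s.start_with?(prefix) ? [ref] : prefixed_field_refs(value, prefix, ref)
  end
end

# Stand-in for event.remove(ref) so the result can be checked without Logstash.
def remove_ref!(hash, ref)
  *parents, leaf = ref.scan(/\[([^\]]+)\]/).flatten
  parents.reduce(hash) { |h, k| h.fetch(k) }.delete(leaf)
end

# Collect references first, then delete, so the hash is never mutated mid-walk.
def prune(hash, prefix = PREFIX)
  refs = prefixed_field_refs(hash, prefix)
  refs.each { |ref| remove_ref!(hash, ref) }
  refs
end

# In a Logstash ruby filter the same walk would be driven by the event API
# (assumption: event.to_hash returns nested Hashes for object fields):
#   prefixed_field_refs(event.to_hash, "removewiththisprefix_").each { |r| event.remove(r) }
```

Placed as the last filter in the pipeline, this removes the prefixed fields before the output stage writes the document, whatever their suffixes are.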