Hi Experts, I am using log stash to read my logs and I notice that the field "message" is there by default and has the complete data in it. So, I would like to remove it from my feed. Also, I want to replace "@timestamp" with "app_timestamp". Kindly help. { "message" => "JVM.128077 (…

Remove message and replace timestamp fields

Badger April 1, 2020, 3:10pm 2

You can remove a field using mutate

mutate { remove_field => [ "message" ] }

Use a date filter to parse app_timestamp and overwrite @timestamp.

1 Like

Topic		Replies	Views
Logstash remove @timestamp Logstash	2	1915	January 7, 2019
Removal of @timestamp field Logstash	2	1219	July 6, 2017
Remove a field from logstash Logstash	1	529	August 8, 2017
I want to strip out the beginning and ending parts of the log entry Logstash	6	443	May 8, 2018
Remove part of message string Logstash	7	19451	December 21, 2016

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Remove message and replace timestamp fields

Related topics