Remove Specific Field matching pattern

Badger · March 22, 2023, 8:17pm

You could try

    ruby {
        init => '
            def doSomething(object, name, event)
#puts "Working on #{name}"
#Removed "if object" test since we need to process null valued fields
                    if object.kind_of?(Hash) and object != {}
                        object.each { |k, v| doSomething(v, "#{name}[#{k}]", event) }
                    elsif object.kind_of?(Array) and object != []
                        object.each_index { |i| doSomething(object[i], "#{name}[#{i}]", event) }
                    else
                        lastElement = name.gsub(/^.*\[/, "").gsub(/\]$/, "")
                        if lastElement =~ /^n1D/
                            event.remove(name)
                        end
                end
            end
        '
        code => '
            event.to_hash.each { |k, v|
                doSomething(v, "[#{k}]", event)
            }
        '
    }

Topic		Replies	Views
Logstash, remove all fields that contain a specific value Logstash	2	191	July 6, 2023
Event.remove not working Logstash	5	3260	June 29, 2018
How to remove fields with regex from json? Logstash	6	2616	January 16, 2018
How to remove subfield using ruby Logstash	5	5657	January 2, 2017
How to remove any field matching a string Logstash	2	901	July 6, 2017

Remove Specific Field matching pattern

Related Topics