Removing fields from Index

Hi, sorry for bothering you every time.

I upload some logs into Elastic via Filebeat, but some other information is added to my original logs, like the host name, OS, kernel ..., and the main message becomes unformatted. I want to delete all the fields that are unnecessary and only keep my original message in its initial form.

You can delete Fields in the Filebeat processor like

processors:
  - drop_fields:
      fields: ["agent", "log", "input", "host", "ecs" ]

Or, if you don't need the host information in general, you can remove this from your Filebeat conf.

- add_host_metadata: ~

from Filebeat Configuration.


Thank you @Bndlr I'm gonna try it and reply back

Hey @Bndlr, I just tried to delete add_host_metadata: from filebeat.yml, but the host info is still there in Elastic.

I'm new with ELK, so I don't know where to write this code

processors:
  - drop_fields:
      fields: ["agent", "log", "input", "host", "ecs" ]

Hey,

You have to change the following block in your filebeat.yml if you don't want to get any host information in the log lines

processors:
  - add_docker_metadata:
  # - add_host_metadata: ~

(- add_host_metadata: ~ is commented out)

If you only want to remove special fields, you have to add the following to the processors block in your filebeat.yml

processors:
  - drop_fields:
      fields: ["host.name", "ecs.version", "agent.version", "agent.type", "agent.id",]

Check also this out -> How to remove certain fields from filebeat index
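As an added example (not taken from any of the posts above), here is a minimal filebeat.yml showing where the processors block from this thread sits relative to the inputs and the output. The input type, id, log path and Elasticsearch host are placeholder assumptions.

```yaml
# filebeat.yml (added example; id, path and host below are placeholders)
filebeat.inputs:
  - type: filestream              # assumes a Filebeat version that has the filestream input
    id: app-logs                  # placeholder input id
    paths:
      - /var/log/myapp/*.log      # placeholder path to the original log files

# "processors" is a top-level key, at the same indentation as
# filebeat.inputs and output.elasticsearch. Processors listed here
# apply to every event and run in the order they are written.
processors:
  # - add_host_metadata: ~        # commented out: no extra host.* enrichment is added
  - drop_fields:
      # Top-level objects to remove from each event before it is sent.
      fields: ["agent", "log", "input", "host", "ecs"]
      ignore_missing: true        # do not raise an error if a listed field is absent
      # Note: @timestamp and type are always kept, even if listed here.

# The original log line is kept unchanged in the "message" field.
output.elasticsearch:
  hosts: ["localhost:9200"]       # placeholder Elasticsearch host
```

The file can be checked with `filebeat test config -c filebeat.yml` before restarting Filebeat; documents indexed before the change keep their old fields.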
