Removing nested keys using ruby filtering

Arnold_Yahad · August 22, 2018, 7:53am

i have an index with a lot of spam fields (over 300). they are all nested and look like this:

kv.amp-1-234
kv.amp-1-abc
kv.amp-1-efg

so i wanted to do filtering and use remove_fields to get rid of them.
wanted to use the prune filter but i can't - they don't support nested key removal.
and i can't use
filter {
mutate {
remove_fields

because it doesnt support regex.

i saw that the only way is through ruby filtering:

  ruby {
    code => "
    event.to_hash.keys.each { |k|
    if k.start_with?('[kv.amp-1][k]')
      event.remove(k)
    end
    }
   "
   }

but it doens't work. i just need an example of deletion of nested keys using the ruby filter(no need for regex because start_with? is good enough)

using logstash 5.4.2

system · September 19, 2018, 7:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Removing specific fields Logstash	2	300	May 28, 2018
Ruby filter to whitelist nested fields Logstash	3	1002	March 29, 2022
How to remove fields with regex from json? Logstash	6	2626	January 16, 2018
Event.remove not working Logstash	5	3261	June 29, 2018
Remove Specific Field matching pattern Logstash	5	765	April 19, 2023

Removing nested keys using ruby filtering

Related topics