I have an index with a lot of spam fields (over 300). They are all nested and look like this:
kv.amp-1-234
kv.amp-1-abc
kv.amp-1-efg
So I wanted to do filtering and use remove_fields to get rid of them.
I wanted to use the prune filter but I can't: it doesn't support nested key removal.
And I can't use
filter {
mutate {
remove_fields
because it doesn't support regex.
I saw that the only way is through ruby filtering:
ruby {
  code => "
    event.to_hash.keys.each { |k|
      if k.start_with?('[kv.amp-1][k]')
        event.remove(k)
      end
    }
  "
}
But it doesn't work. I just need an example of deleting nested keys using the ruby filter (no need for regex because start_with? is good enough).
Using Logstash 5.4.2.
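
Added example, not part of the original post: `event.to_hash.keys` yields only top-level field names (here just `kv`), so nested keys have to be reached through the parent object. The sketch assumes the unwanted keys live under a `kv` object and start with `amp-1-`; `strip_prefixed!` and the sample event are hypothetical and constructed, and the commented filter uses the Logstash 5 `event.get` / `event.set` API.

```ruby
# Added example (not from the original post). Assumes the unwanted keys sit
# under the `kv` object and start with "amp-1-".

# Delete every key starting with `prefix` anywhere inside `node`
# (Hash or Array, as returned by event.get). Returns the number removed.
def strip_prefixed!(node, prefix)
  removed = 0
  case node
  when Hash
    node.keys.each do |key|              # keys is a copy, so deleting is safe
      if key.to_s.start_with?(prefix)
        node.delete(key)
        removed += 1
      else
        removed += strip_prefixed!(node[key], prefix)
      end
    end
  when Array
    node.each { |item| removed += strip_prefixed!(item, prefix) }
  end
  removed
end

# Constructed sample event, shaped like the fields described in the post.
def sample_event
  {
    "message" => "GET /index.html",
    "kv" => {
      "amp-1-234" => "x",
      "amp-1-abc" => "y",
      "amp-1-efg" => "z",
      "user"      => "alice",
      "extra"     => [{ "amp-1-zzz" => "q", "keep" => 1 }]
    }
  }
end

# Inside Logstash the same idea goes through event.get / event.set:
#   ruby {
#     code => "
#       kv = event.get('kv')
#       if kv.is_a?(Hash)
#         kv.delete_if { |k, _| k.start_with?('amp-1-') }
#         event.set('kv', kv)
#       end
#     "
#   }
```

The commented filter only strips keys directly under `kv`; pasting the recursive method body into the filter's `code` string would cover deeper nesting as well.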