Script processor for retaning relevant fields not working

vishnuhngama · November 30, 2023, 10:30am

I am writing a script processor which will retain only the relevant fields and remove all the other fields . Here 'message','custom_field','@timestamp','_index','_id','_version','index_name','tags', is getting retained but the fields like 'audit.log.0','audit.log.1','event.type','auditd.log.key','event.dataset','event.created','event.original','event.ingested' is not getting retained .

Please provide me a solution . Also i dont want to use remove processor and logstash , I want to handle this using ingest pipeline only since I am using filebeats audit ingest pipeline for parsing the events

{
      "script": {
        "source": """
      
       ctx.keySet().retainAll(['message','custom_field','@timestamp','_index','_id','_version','index_name','tags','audit.log.0','audit.log.1','event.type','auditd.log.key','event.dataset','event.created','event.original','event.ingested'])
      
        """
      }
    }

vishnuhngama · December 13, 2023, 1:35pm

Reply guys

system · January 10, 2024, 1:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using the Remove processor for ingest node Elasticsearch	8	3938	July 5, 2017
Pipeline remove processor not removing all fields Elasticsearch	4	668	September 2, 2020
Script processor not adding a new field using ingest pipeline Elasticsearch painless , ingest-pipeline	2	344	October 16, 2023
Ingest pipeline context modification inconsistent Elasticsearch	3	516	August 24, 2017
Ingest pipeline: copy all fields that contains a word to a single new field Elasticsearch	2	392	August 11, 2023

Script processor for retaning relevant fields not working

Related topics