Hi, I've tried disabling all the processor metadata and somehow narrowed it down but I still can't get rid of agent.ephemeral_id, agent.hostname, agent.id, agent.type, agent.version and ecs.version and log.offset. Is there a way to disable it or I have to manually specify them in the logstash con…

[SOLVED]How to remove agent.* and ecs.version?

Duked June 5, 2019, 12:51am 9

thanks I've edited the previous post with proper formatting in case someone faces the same issue

2 Likes

Removing agent.* metadata doesn't work in Filebet nor Logstash

Topic		Replies	Views
Filebeat - drop fields processor doesn't remove agent.* and ecs fields. (Without Logstash) Beats	4	2285	November 10, 2019
Drop agent / ecs fields from filebeat (previous solves here only partially work) Beats filebeat	1	363	June 8, 2022
Filebeats not dropping agent.* fields Beats filebeat	4	2455	November 20, 2019
Winlogbeats remove @metadata, agent and ecs fields Beats winlogbeat	2	636	May 9, 2021
Filebeat didn't drop some of the fields like agent., ecs. etc Beats docker , filebeat	3	1947	September 8, 2020