Unable to remove field from elastic search

Elastic Stack Logstash
1

Here is my index

[
{
"_index" : "ind1",
"_type" : "doc",
"_id" : "ceI6smsB5aL8Y_rB7r5N",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2019-06-27T09:31:08.384Z",
"id" : 2,
"name" : "abc",

    }
  },
  {
    "_index" : "ind1",
    "_type" : "doc",
    "_id" : "cuI6smsB5aL8Y_rB775e",
    "_score" : 1.0,
    "_source" : {
      "@timestamp" : "2019-06-27T09:31:08.384Z",
      "id" : 1,
      "name" : "xyz",
      
    }
  }

Here is my script

input{
elasticsearch {
hosts => ["localhost:9200"]
index => "ind1"

}
}

filter {

mutate {
remove_field => [ "name" ]
}
}

output {
elasticsearch {
hosts => ["localhost:9200"]
action => "delete"
index => "ind1"
document_type => "doc"
document_id => "%{[@metadata][_id]}"
}}

when i run this script , i didn't find any changes in o/p

Can anyone help me with this

2

What is the need of adding document_type in the output config of Elasticsearch ?
Try removing it once.

3

@sjabiulla Thanks for your response. But still not working

4

docinfo is false by default, so your events will not have the _id in the @metadata.

1 Like
5

@Badger So what should I give in place of document_id if I don't have any unique field in my docs

6

Set 'docinfo => true' on the input.

7

@Badger Thanks. It has worked

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.