Unable to remove field from elastic search

bhagmathi · July 2, 2019, 10:39am

Here is my index

[
{
"_index" : "ind1",
"_type" : "doc",
"_id" : "ceI6smsB5aL8Y_rB7r5N",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2019-06-27T09:31:08.384Z",
"id" : 2,
"name" : "abc",

    }
  },
  {
    "_index" : "ind1",
    "_type" : "doc",
    "_id" : "cuI6smsB5aL8Y_rB775e",
    "_score" : 1.0,
    "_source" : {
      "@timestamp" : "2019-06-27T09:31:08.384Z",
      "id" : 1,
      "name" : "xyz",
      
    }
  }

Here is my script

input{
elasticsearch {
hosts => ["localhost:9200"]
index => "ind1"

}
}

filter {

mutate {
remove_field => [ "name" ]
}
}

output {
elasticsearch {
hosts => ["localhost:9200"]
action => "delete"
index => "ind1"
document_type => "doc"
document_id => "%{[@metadata][_id]}"
}}

when i run this script , i didn't find any changes in o/p

Can anyone help me with this

sjabiulla · July 2, 2019, 12:14pm

What is the need of adding document_type in the output config of Elasticsearch ?
Try removing it once.

bhagmathi · July 2, 2019, 1:17pm

@sjabiulla Thanks for your response. But still not working

Badger · July 2, 2019, 1:23pm

docinfo is false by default, so your events will not have the _id in the @metadata.

bhagmathi · July 2, 2019, 1:24pm

@Badger So what should I give in place of document_id if I don't have any unique field in my docs

Badger · July 2, 2019, 2:08pm

Set 'docinfo => true' on the input.

bhagmathi · July 3, 2019, 6:09am

@Badger Thanks. It has worked

system · July 31, 2019, 6:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.