This is my config file , I can't match and remove_field
input {
beats {
port => 5047
add_field => { "type" => "ad_engine"}
}
}
filter {
grok {
patterns_dir => "pattern_adeg.conf"
match => { "%{message}" => "info" }
remove_field => ["type","line","offset"]
}match => { "%{message}" => "info" }
I'm not sure what you're trying to do here. The left-hand side (currently "%{message}") is supposed to be the name of a field, not the contents of a field. The right-hand side (currently "info") is supposed to be a grok expression, but you just have a fixed string. If you describe what you want to accomplish I'm sure we can suggest something.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.