What does this filter do?

przemolb · December 4, 2018, 11:59am

Hello,

can anybody explain me what does the following filter do ?

filter {
  if [@metadata][input-http] {
    date {
      match => [ "date", "UNIX" ]
      remove_field => [ "date" ]
    }
    mutate {
      remove_field => ["headers","host"]
    }
  }
}

AquaX · December 5, 2018, 3:22am

if the @metadata tag contains "input-http" then:
Use the "date" field (which is in UNIX Epoch format) and turn it into the @timestamp field (by default)
Then remove the "date" field (since the info is now in @timestamp)
Next use the mutate filter and remove the two fields "headers" and "host"
End.

system · January 2, 2019, 3:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Date Filter Question Logstash	3	239	September 10, 2020
Date Filter Logstash Logstash	5	351	June 9, 2020
Date filter help Logstash	2	217	August 28, 2018
Logstash datetime filter if else Logstash	8	1831	December 21, 2020
Date filter not working Logstash	6	1780	April 29, 2017

What does this filter do?

Related topics