user1052610
Reputation: 4719
Configuring Logstash to only include certain fields
Using filter, mutate, and remove_field, Logstash con be configured to exclude certain fields from the output.
But what if one only knows the names of the fields to be included, and wants to exclude all other fields (the names of which one did not know up front). How could this be done?
Thanks
Upvotes: 3
Views: 2737
Answers (1)
Magnus Bäck
Reputation: 11571
You can use a ruby filter:
filter {
ruby {
code => "
wanted_fields = ['message', 'foo']
event.to_hash.keys.each { |k|
event.remove(k) unless wanted_fields.include? k
}
"
}
}
Related:
Upvotes: 8
Related Questions
- Filtering JSON/non-JSON entries in Logstash
- Configuring logstash
- Leave out default Logstash fields in ElasticSearch
- Specifying Field Types Indexing from Logstash to Elasticsearch
- Only allow fields that are in the index template
- How to Query Logstash via curl and return only specific fields
- Setting Elasticsearch Analyzer for new fields in logstash
- Disable index build on certain fields
- How to leverage logstash to index data but not generating extra fields from logstash
- Remove unnecessary fields in ElasticSearch