Hyder B.
Reputation: 12216
Remove unnecessary fields in ElasticSearch
We are populating Elasticsearch via logstash. The thing is that I see some unnecessary fields that I had like to remove like for example:
@version
file
geoip
host
message
offset
tags
Is it possible to do this by defining/extending a dynamic template? If yes, how? If no, can we do this via logstash configuration?
Your help is much appreciated.
Upvotes: 1
Views: 1983
Answers (1)
Alain Collins
Reputation: 16362
You can remove fields using really any logstash filter - when the filter succeeds, it will remove the field.
It makes sense to me to use mutate:
filter {
mutate {
remove_field => [ "file" ]
}
}
That said, most of these fields are incredibly useful and really should not be removed.
Upvotes: 4
Related Questions
- How to remove unwanted fields logstash (ELK)
- Remove Field from event by pattern
- logstash remove_field not working in order to upload csv to elasticsearch
- Remove array field if empty
- Removing unwanted fields in Logstash configuration file
- Leave out default Logstash fields in ElasticSearch
- Can I delete the message field from Logstash?
- Configuring Logstash to only include certain fields
- How to leverage logstash to index data but not generating extra fields from logstash
- Remove an event field and reference it in Logstash