6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"kv filter in logstash\",\"text\":\"

How does remove_field in kv work? I have a json file and need to remove fields that are deeply nested in the json file.

\\n\\n

[url][queryString][404;http://hspb.homesearch.com:80/wcJV4LhTSmzJ1rX6FOq4RuiKe K49gUP2JvWtjdhhE] is one such field

\\n\\n

This filter doesn't work in logstash

\\n\\n

 filter {\\n   kv {\\n      source => [ \\\"[url][queryString]\\\" ]\\n      remove_field => [ \\\"404;%{somefield}\\\" \\\"my_extraneous_field\\\" ]\\n    }\\n  }\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Pooja\"},\"upvoteCount\":0,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","json",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/json/1","children":"json"}]}],["$","span","logstash",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/logstash/1","children":"logstash"}]}],["$","span","logstash-configuration",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/logstash-configuration/1","children":"logstash-configuration"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/3a85d2088ef2977f1c25bfcac3171e10?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Pooja","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/5187487/pooja","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Pooja"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",883]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"kv filter in logstash"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

How does remove_field in kv work? I have a json file and need to remove fields that are deeply nested in the json file.

\n\n

[url][queryString][404;http://hspb.homesearch.com:80/wcJV4LhTSmzJ1rX6FOq4RuiKe K49gUP2JvWtjdhhE] is one such field

\n\n

This filter doesn't work in logstash

\n\n

 filter {\n   kv {\n      source => [ \"[url][queryString]\" ]\n      remove_field => [ \"404;%{somefield}\" \"my_extraneous_field\" ]\n    }\n  }\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",0]}],["$","p",null,{"children":["Views: ",1028]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","32788862",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/7052c93fdd73e209e109c68acfee76fd?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"Alain Collins","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/677561/alain-collins","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Alain Collins"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",16362]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

remove_field will remove the named field(s) when the underlying filter (in your case 'kv') succeeds.

\n\n

If you need to refer to nested fields, try \"[foo][bar]\". You can test if you can use fields in the variable names...

\n\n

NOTE: [foo][bar] is meant to illustrate how to refer to nested fields. If your fields are [myTopField][myNestedField], use that.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","75019583",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/75019583","className":"text-blue-600 hover:underline","children":"Logstash - kv filter ignored"}]}],["$","li","48703747",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/48703747","className":"text-blue-600 hover:underline","children":"KV filter not including space values"}]}],["$","li","69450788",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/69450788","className":"text-blue-600 hover:underline","children":"Logstash - Drop logs containing kv value"}]}],["$","li","43105680",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/43105680","className":"text-blue-600 hover:underline","children":"How does the logstash kv{} filter plugin work?"}]}],["$","li","46136864",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/46136864","className":"text-blue-600 hover:underline","children":"Logstash issue with KV filter"}]}],["$","li","43162414",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/43162414","className":"text-blue-600 hover:underline","children":"Logstash kv filter issue with value having comma"}]}],["$","li","39389577",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/39389577","className":"text-blue-600 hover:underline","children":"Logstash kv filter issue with blank values"}]}],["$","li","39030646",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/39030646","className":"text-blue-600 hover:underline","children":"How to include the filter in Logstash config file?"}]}],["$","li","32106420",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/32106420","className":"text-blue-600 hover:underline","children":"Accessing key using kv filter in logstash"}]}],["$","li","30010090",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30010090","className":"text-blue-600 hover:underline","children":"filter json in logstash"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

kv filter in logstash

Answers (1)

Related Questions