how remove_field in kv work? have json file , need remove fields nested in json file.
[url][querystring][404;http://hspb.homesearch.com:80/wcjv4lhtsmzj1rx6foq4ruike k49gup2jvwtjdhhe] 1 such field
this filter doesn't work in logstash
filter { kv { source => [ "[url][querystring]" ] remove_field => [ "404;%{somefield}" "my_extraneous_field" ] } }
remove_field remove named field(s) when underlying filter (in case 'kv') succeeds.
if need refer nested fields, try "[foo][bar]". can test if can use fields in variable names...
note: [foo][bar] meant illustrate how refer nested fields. if fields [mytopfield][mynestedfield], use that.
Comments
Post a Comment