Leave out default Logstash fields in ElasticSearch

This removes fields from output:

filter {    mutate {        # remove duplicate fields        # this leaves timestamp from message and source_path for source        remove => ["@timestamp", "@source"]    } }

elasticsearch field logstash

Some of that will depend on what web interface you are using to view your logs. I'm using Kibana, and a customer logger (c#) that indexes the following:

{  "_index": "logstash-2013.03.13",  "_type": "logs",  "_id": "n3GzIC68R1mcdj6Wte6jWw",  "_version": 1,  "_score": 1,  "_source":   {    "@source": "File",    "@message": "Shalom",    "@fields":     {      "tempor": "hit"    },    "@tags":     [      "tag1"    ],    "level": "Info"    "@timestamp": "2013-03-13T21:47:51.9838974Z"  }}

This shows up in Kibana, and the source fields are not there.

elasticsearch field logstash

To exclude certain fields you can use prune filter plugin.

filter {    prune {        blacklist_names => [ "@timestamp", "@source" ]    }}

Prune filter is not a logstash default plugin and must be installed first:

bin/logstash-plugin install logstash-filter-prune

CodeHunter

Leave out default Logstash fields in ElasticSearch

Recent Posts

How can I color dots in a xy scatterplot according to column value?

How to update a claim in ASP.NET Identity?

What does {0} mean when initializing an object?

Accessing members of items in a JSONArray with Java

How to log SQL statements in Spring Boot?

Powershell Get-WebSite name parameter is ignored

How to detect scroll to bottom of html element

Java synchronized method

How to test controllers with CodeIgniter?

Detect Visual Composer

Matplotlib: Specify format of floats for tick labels

Rails join a list of strings with commas and "and" before the last