Logstash filter target操作之后remove_field删除子字段

Joe.Ye 2023-03-25 ELK 
useragent {
    source => "agent"
    target => "ua"
    remove_field => [ "agent", "[ua][patch]", "[ua][build]" ]
}

grok {
    patterns_dir => "/usr/local/logstash/config_file/patterns"
    match => { "message" => "%{TIME_STAMP_A:logtime}\s+\[\s*%{APP_NAME:appname}\s*\]\[\s*%{LOG_LVL:loglvl}\s*\]\s+\[\s*%{PROCESS_ID:pid}\s*\]\s+\[\s*%{PROCESS_NAME:pname}\s*\]\s+\[\s*%{TRACE_ID:traceid}\s*\]\s+\[\s*%{SPAN_ID:spanid}\s*\]\s+\[\s*%{SPAN_EXPORTABLE}\s*\]\s+---\s+\[\s*%{CLASS_PATH:classpath}\s*\]\s+\[\s*%{METHOD_NAME:methodname}\s*\]\s+\[\s*%{CODE_LINE:codeline}\s*\]\s+:\s+%{CONTENT}" }
    remove_field => ["agent", "cloud", "ecs", "input", "[host][architecture]", "[host][containerized]", "[host][id]", "[host][os]", "[host][hostname]"]
}

版权声明:
作者:Joe.Ye
链接:https://www.appblog.cn/index.php/2023/03/25/remove-field-delete-subfield-after-logstash-filter-target-operation/
来源:APP全栈技术分享
文章版权归作者所有,未经允许请勿转载。

THE END
分享
二维码
打赏
海报
Logstash filter target操作之后remove_field删除子字段
useragent { source => "agent" target => "ua" remove_field => [ "agent", "[ua][patch]", ……
<<上一篇
下一篇>>
文章目录
关闭
目 录