如何在ElasticSearch中跳过插入的特定字段？不想像“消息”、“事件”、“日志”这样的字段

fumotvh3 于 2022-12-03 发布在 ElasticSearch

关注(0)|答案(1)|浏览(102)

在记录中，我没有插入像“消息”，“事件”或“日志”这样的字段。这些字段是在使用logstash从CSV文件插入记录时自动生成的，我不想在那里。
索引中的记录如下所示：

"_index": "jmeter2",
        "_id": "dsfdsfdsf",
        "_score": 1,
        "_source": {
          "Samples": "1083",
          "Received KB/sec": "178.9",
          "99th pct": "1350",
          "log": {
            "file": {
              "path": "/Users/abc/Downloads/opt/jenkins/workspace/agg_report2.csv"
            }
          },
          "host": {
            "name": "dfdsfdsffs"
          },
          "@timestamp": "2022-11-22T07:15:29.052181Z",
          "95th pct": "659",
          "Min": "112",
          "Max": "3829",
          "@version": "1",
          "Throughput": "7.2",
          "Label": "ACTIVITY_DETAIL",
          "90th pct": "338",
          "Build_number": "abcd1111",
          "Error %": "0.00%",
          "Median": "207",
          "message": "ACTIVITY_DETAIL,1083,270,207,338,659,1350,112,3829,0.00%,7.2,178.9,251.61",
          "event": {
            "original": "ACTIVITY_DETAIL,1083,270,207,338,659,1350,112,3829,0.00%,7.2,178.9,251.61"
          },
          "Average Response Time": "270",
          "Stddev": "251.61"
      }
}

elasticsearch

来源：https://stackoverflow.com/questions/74604773/how-to-skip-particular-fields-from-inserting-in-elasticsearch-dont-want-to-fie

1条答案

按热度按时间

monwx1rj1#

您可以将remove_field语句添加到csv过滤器中：

filter {
      csv {
        remove_field => [ "message", "event", "log" ]
      }
    }

https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html#plugins-filters-mutate-remove_field

赞(0）回复(0）举报 2022-12-03

我来回答

如何在ElasticSearch中跳过插入的特定字段？不想像“消息”、“事件”、“日志”这样的字段

1条答案

相关问题

热门标签

最新问答