Logstash排除字段及字段内容

排除字段

filter {
    grok {
        remove_field => ["agent", "cloud", "ecs", "host", "input"]
    }
}

排除字段内容

output {
    if "_grokparsefailure" in [tags] {
        file { path => "/usr/local/logstash/logs/grok_failures.txt" }
    } else {
        if (([classpath] == "com.netflix.eureka.registry.AbstractInstanceRegistry" and [methodname] == "run") or
            ([classpath] == "com.netflix.discovery.shared.resolver.aws.ConfigClusterResolver" and [methodname] == "getClusterEndpoints")) {
            #stdout {
               #codec => rubydebug
            #}
        } else {
            elasticsearch {
                hosts => ["172.10.1.10:9200"]
                #index => "%{type}"
                index => "appblog-%{+YYYY.MM.dd}"
            }
        }
    }
}