input {
file {
type => "json_test"
path => "/logs/test/json1.log"
codec => json
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
date {
match => ["生日","yyyy-MM-dd HH:mm:ss"]
remove_field => ["生日","host","籍贯","班级","mail"]
}
}
output {
stdout {
codec => rubydebug
}
}
结果为
英文字段名可以remove,但是中文字段名没有成功remove,这是什么原因呢
file {
type => "json_test"
path => "/logs/test/json1.log"
codec => json
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
date {
match => ["生日","yyyy-MM-dd HH:mm:ss"]
remove_field => ["生日","host","籍贯","班级","mail"]
}
}
output {
stdout {
codec => rubydebug
}
}
结果为
英文字段名可以remove,但是中文字段名没有成功remove,这是什么原因呢
5 个回复
medcl - 今晚打老虎。
赞同来自: living
ELK_Funs
赞同来自:
living
赞同来自:
或者用 prune 的白名單試一試
保留什麼就whitelist什麼,不保留的就blacklist
lshao
赞同来自:
wanglifeng
赞同来自: