Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Logstash configuration that accepts json file from filebeat. It overrides filebeat's additional fields and takes the type from the json rather than filebeat.
input {
beats {
port => 5044
}
}
filter {
if [type] == "beat" {
mutate {
remove_field => ["type", "beat", "input_type", "offset", "source", "fields"]
}
json {
source => "message"
}
mutate {
remove_field => "message"
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.