Remove Field from event by pattern

Question

So I\'m using a standard ELK stack to analyse Apache access logs, which is working well, but I\'m looking to break out URL parameters as fields, using the KV filter, in orde

Answer 1

I know this is dated and has been answered, but for anyone looking into it as of 2017. There's a plugin named prune that allows you to trim based on difference criteria including patterns.

prune {
    blacklist_names => ["[0-9]+", "unknown_fields", "tags"]
}