This is the Logstash config for Apache access_log:
    input {
      file {
        path => "/var/log/http.log"
      }
    }
    filter {
      grok {
        match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
      }
    }
I would like to collect all fields except %{WORD:method}.
How can I let the field be skipped/ignored from being transferred to Elasticsearch?
You can do this by removing the word "method" which appears after WORD. So your grok filter would look like:
    match => { "message" => "%{IP:client} %{WORD} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
The words which appear after the colon are variable names, where the types like IP, WORD, NUMBER, etc. are stored and passed on.
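The difference between a named and an unnamed grok reference, as an added example that is not part of the original answer and is not Logstash's own code: a small Python emulation of grok's `%{SYNTAX:name}` handling. The regexes in `PATTERNS` are simplified stand-ins for the real grok patterns, and the sample log line is constructed.

```python
import re

# Simplified stand-ins for the grok patterns used above (assumptions; the
# real Logstash definitions are more permissive).
PATTERNS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "WORD": r"\w+",
    "URIPATHPARAM": r"/\S*",
    "NUMBER": r"-?\d+(?:\.\d+)?",
}

# Matches %{SYNTAX} and %{SYNTAX:semantic}
GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")

WITH_METHOD = ("%{IP:client} %{WORD:method} %{URIPATHPARAM:request} "
               "%{NUMBER:bytes} %{NUMBER:duration}")
WITHOUT_METHOD = WITH_METHOD.replace("%{WORD:method}", "%{WORD}")

# Constructed sample line in the layout the pattern expects
SAMPLE = "55.3.244.1 GET /index.html 15824 0.043"


def grok_to_regex(expression):
    """Compile a grok expression: named references become named groups
    (fields), unnamed references become non-capturing groups."""
    def expand(ref):
        syntax, name = ref.groups()
        body = PATTERNS[syntax]
        return f"(?P<{name}>{body})" if name else f"(?:{body})"
    return re.compile(GROK_REF.sub(expand, expression))


def grok_match(expression, line):
    """Return the extracted fields, or None when the line does not match
    (Logstash would tag such an event with _grokparsefailure)."""
    m = grok_to_regex(expression).search(line)
    return m.groupdict() if m else None


if __name__ == "__main__":
    print(grok_match(WITH_METHOD, SAMPLE))     # includes "method"
    print(grok_match(WITHOUT_METHOD, SAMPLE))  # no "method" key
    # The unnamed %{WORD} must still match: "-" is not a word
    print(grok_match(WITHOUT_METHOD, "55.3.244.1 - /index.html 15824 0.043"))
```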