I am trying to write a filter that can check and remove multiple null value fields.
For instance,
filter {
mutate {
remove_tag => [ "foo_%{somefield}" ] }
}
but I need to do this check for many fields inside the json, so I would like to avoid using multiple if conditions. Searching on Google I found this
ruby {
code => "event.to_hash.delete_if {|field, value| value == 'null' }"
}
but it's not working and I am not really sure how this work. Any idea?
You need to iterate through all the fields and check if value is nil (null in ruby); remove the key if it is nil.
This ruby filter will work,
ruby {
code => "
hash = event.to_hash
hash.each do |key,value|
if value == nil
event.remove(key)
end
end
"
}
Please let me know if it helps.