This functionality is in beta and is subject to change. The design and code is considered to be less mature than official GA features. Elastic will take a best effort approach to fix any issues, but beta features are not subject to the support SLA of official GA features.
« Drop fields from events Rename fields from events »
Elastic Docs Heartbeat Reference [6.3] Configuring Heartbeat Filter and Enhance the exported data

Keep fields from events

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Keep fields from events

edit

The include_fields processor specifies which fields to export if a certain condition is fulfilled. The condition is optional. If it’s missing, the specified fields are always exported. The @timestamp and type fields are always exported, even if they are not defined in the include_fields list.

processors:
 - include_fields:
     when:
        condition
     fields: ["field1", "field2", ...]

See Conditions for a list of supported conditions.

You can specify multiple include_fields processors under the processors section.

If you define an empty list of fields under include_fields, then only the required fields, @timestamp and type, are exported.

« Drop fields from events Rename fields from events »