Keep fields from eventsedit
The include_fields processor specifies which fields to export if a certain
condition is fulfilled. The condition is optional. If it’s missing, the
specified fields are always exported. The @timestamp, @metadata, and type
fields are always exported, even if they are not defined in the include_fields
list.
Exampleedit
- include_fields:
when:
condition
fields: ["field1", "field2", ...]
See Conditions for a list of supported conditions.
Elastic Agent processors execute before ingest pipelines, which means that your processor configurations cannot refer to fields that are created by ingest pipelines or Logstash. For more limitations, refer to What are some limitations of using processors?
You can specify multiple include_fields processors under the processors
section.
If you define an empty list of fields under include_fields, only
the required fields, @timestamp and type, are exported.