logstash 删除message host字段

[elk@node01 conf]$ cat t3.conf 
input {
  syslog {
   port=>"514"
   }
}

output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
       "message" => "192.168.137.1",
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:03:55.366Z",
          "host" => "node01",
          "xxxx" => "192.168.137.1"
}

[elk@node01 conf]$ 
[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
 mutate {  
  remove_field =>["message"]
}
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:07:02.258Z",
          "host" => "node01",
          "xxxx" => "192.168.137.1"
}



[elk@node01 conf]$ cat t4.conf 
input {
   stdin{}
}

filter {  
    grok {  
        match => ["message", "%{IPORHOST:xxxx}"]  
    } 
 mutate {  
  remove_field =>["message"]
  remove_field =>["host"]
}
}
output {  
        stdout {  
            codec => rubydebug  
        }  
      } 
[elk@node01 conf]$ logstash -f t4.conf 
Settings: Default pipeline workers: 4
Pipeline main started
192.168.137.1
{
      "@version" => "1",
    "@timestamp" => "2018-04-07T03:08:35.546Z",
          "xxxx" => "192.168.137.1"
}