Hi,
logstash read the file line by line and add each line to Elasticsearch ok but i just want to add it with a condition when he find "EXCEPTION".
example of my log file:
01/01/2022 15:00:02 546- MAIN EXCEPTION :
System.IO.IOException: Unable.......
at System ......
at System ....
01/01/2022 15:00:03 535- S....
01/01/2022 15:00:03 535- GA.....
I want to send just the "exception" to Elasticsearch.
Any help would be sincerely appreciate!
Thanks.
Sounds like you want something like
if "EXCEPTION" in [message] { mutate { add_field => { "someField" => "someValue" } } }Or if you want to drop other messages than EXCEPTION, it could be:
if !("EXCEPTION" in [message]) {drop{}}
Thanks Badger,TOMO_M
That's what i want, and if i want to add another condition before the drop ? i tried this but didn't work:
if !("EXCEPTION" and "System.Net.Sockets" in [message]) {drop{}}
Thanks.
About conditional syntax, see here.
Thanks Tomohiro.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.