I have this kind of log: https://pastebin.com/ztXijyNV
I would like to drop all events except the lines with "INFO -- :". Logs are gathered by filebeat and then they are send to logstash. Important data are in log inside fields -> deviceId, productId, lang_from, lang_to, text. I tried different combination in filebeat: https://pastebin.com/im20uYWU. Here are config files and patterns: https://pastebin.com/5sSW8n3Z
Currently in Kibana I don't get what I want to have and moreover I got in tags (first one is always but second one appeared):
"beats_input_codec_plain_applied, _grokparsefailure"
Honestly I stucked.
PS
How to drop many events if
- drop_event: when: regexp: message: "^D,"
allow only one type of "message"?