Hi,
How can I filter the logs that are saved within ES in order to have only valid data that has no grok parse failure or date parse error? My approach is below:
output {
  if ("_grokparsefailure" not in [tags]) or ("_dateparsefailure" not in [tags]) {
    elasticsearch {
      hosts => ["http://es01:9200","http://es02:9200","http://es03:9200"]
      # index => "%{[indexPrefix]}-logs-%{+dd.MM.YYYY}"
      index => "filebeat-kafka-logstash-%{+YYYY.MM.dd}"
      # index => "logstash-%{[type]}-%{+YYYY.MM.dd}"
      ecs_compatibility => disabled
    }
  }
}
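
An added example, not part of the original post: with `or`, the posted condition is true whenever at least one of the two tags is absent, so an event carrying only one failure tag is still indexed. The version below indexes an event only when both tags are absent and keeps the rejected events in a local file for review. The `file` output and its path are assumptions for illustration.

```logstash
output {
  # As posted (kept for comparison): passes any event that lacks at least
  # one of the two tags, e.g. an event tagged only with _grokparsefailure.
  #   if ("_grokparsefailure" not in [tags]) or ("_dateparsefailure" not in [tags]) {

  # Index only events that carry neither failure tag.
  if "_grokparsefailure" not in [tags] and "_dateparsefailure" not in [tags] {
    elasticsearch {
      hosts => ["http://es01:9200","http://es02:9200","http://es03:9200"]
      index => "filebeat-kafka-logstash-%{+YYYY.MM.dd}"
      ecs_compatibility => disabled
    }
  } else {
    # Assumption: keep unparsed events on disk instead of discarding them,
    # so that lines the grok pattern or date filter missed can be inspected.
    file {
      # Hypothetical path; choose a location the Logstash user can write to.
      path => "/var/log/logstash/parse-failures-%{+YYYY.MM.dd}.log"
    }
  }
}
```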