Hi,
I want to drop the full row based on one of the fields. I am using the following in filter.
filter {
  grok {
    # Captures only ip and UserId; nothing here populates a "timestamp" field
    match => { "message" => ["%{IP:ip} %{SPACE}\{user:%{USERNAME:UserId}\}"] }
  }
  date {
    locale => "en"
    timezone => "UTC"
    # Reads the "timestamp" field, which the grok pattern above never sets
    match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss"]
    target => "@timestamp"
  }
  # Substring match on UserId; the event is dropped when it contains ANONYMOUS
  if "ANONYMOUS" in [UserId] {
    drop { }
  }
}
When I run this, all log lines end up in Kibana; the only difference is that all fields like ip and UserId are -.
Also, I want to process all log files in a folder created after a specific time. Is there any filter for that?
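Added example (my own config, not from the original post): a full pipeline built around the same drop condition, showing a grok pattern that also captures the timestamp the date filter needs, an equality test instead of a substring test, and the file input's age limit for the second question. It assumes log lines shaped like the constructed sample in the comment and a placeholder log path.

```logstash
input {
  file {
    path => "/var/log/myapp/*.log"   # placeholder path, adjust to your folder
    start_position => "beginning"
    # Skip files whose last modification is older than 86400 s (24 h).
    # Note: this keys on modification time, not creation time.
    ignore_older => 86400
  }
}

filter {
  # Constructed sample line this pattern expects:
  #   10.0.0.5 [12/Mar/2016:10:15:30] {user:ANONYMOUS}
  grok {
    match => { "message" => "%{IP:ip} \[(?<timestamp>%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME})\] \{user:%{USERNAME:UserId}\}" }
  }

  # Lines that do not match get tagged instead of silently shipping with
  # empty fields; keep them visible so parsing gaps are noticed.
  if "_grokparsefailure" in [tags] {
    mutate { add_field => { "parse_status" => "unparsed" } }
  } else {
    date {
      locale => "en"
      timezone => "UTC"
      match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss"]
      target => "@timestamp"
    }
    # Exact match on the captured field; "in" would also match
    # values such as "NOTANONYMOUS"
    if [UserId] == "ANONYMOUS" {
      drop { }
    }
  }
}

output {
  stdout { codec => rubydebug }   # swap for your elasticsearch output
}
```

Events that fail grok carry the `_grokparsefailure` tag and never reach the date filter, which is why `@timestamp` falls back to ingest time and the other fields appear empty in Kibana.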