Drop filter in Logstash filter not working for the below event

Subrato1 · September 15, 2023, 8:39am

Event in Logstash :

{
      "timestamp" => "2023-09-13T05:10:52.527038098Z",
       "user" => "admin",
       "type" => "icd_postgresql",
       "status" => "INSERT INTO t1 SELECT i/100, i/500   FROM generate_series(1,1000000) s(i);",
      "ID1" => "00000",
      "@version" => "1",
      "accountId" => "2212c4a700f44505a917e8fcb952c4ce",
      "dbname" => "ibmclouddb",
      "detail" => ":b6abb2aa-ef85-494e-a174-12cd7223d9e7",
      "clientIP" => "172.30.12.192",
      "timezone" => "UTC",
      "statement" => "STATEMENT"
}

Filter for drop this event:

filter {
if [ID1] == "00000" and [statement] == "STATEMENT"
{
 drop {}
}
}

Badger · September 15, 2023, 6:31pm

That conditional drop works for me. Maybe your event does not look the way you think it does.

system · October 13, 2023, 6:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash filter no longer works after upgrading Logstash	2	293	June 12, 2018
Drop Event older than 24 hours Logstash	8	2215	June 11, 2018
Logstash drop filter plugin Logstash	2	196	January 3, 2023
[SOLVED] Drop filter issue Logstash	5	836	July 6, 2017
Creating drop filters based on a string search in a message field Logstash	13	38915	November 4, 2022

Drop filter in Logstash filter not working for the below event

Related Topics