Drop filter in Logstash filter not working for the below event

Subrato1 · September 15, 2023, 8:39am

Event in Logstash :

{
      "timestamp" => "2023-09-13T05:10:52.527038098Z",
       "user" => "admin",
       "type" => "icd_postgresql",
       "status" => "INSERT INTO t1 SELECT i/100, i/500   FROM generate_series(1,1000000) s(i);",
      "ID1" => "00000",
      "@version" => "1",
      "accountId" => "2212c4a700f44505a917e8fcb952c4ce",
      "dbname" => "ibmclouddb",
      "detail" => ":b6abb2aa-ef85-494e-a174-12cd7223d9e7",
      "clientIP" => "172.30.12.192",
      "timezone" => "UTC",
      "statement" => "STATEMENT"
}

Filter for drop this event:

filter {
if [ID1] == "00000" and [statement] == "STATEMENT"
{
 drop {}
}
}

Badger · September 15, 2023, 6:31pm

That conditional drop works for me. Maybe your event does not look the way you think it does.

system · October 13, 2023, 6:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.