How to drop/ disable parsing logs from particular hosts using logstash? I have disabled hostdetails in a db table. How to make config file to make this happen? please suggest
You can wrap a drop filter in a conditional that checks the content of a field. Some examples:
You mean to say get db data where disable hostnames present, and compare log. if hostname is from one of the disabled hosts drop message else parse message. Correct me if i am wrong.
With this how can i hold data coming from jdbc filter for using them in filter block?
You mean to say get db data where disable hostnames present, and compare log. if hostname is from one of the disabled hosts drop message else parse message. Correct me if i am wrong.
No, that's right.
With this how can i hold data coming from jdbc filter for using them in filter block?
The details depend on whether you use a jdbc_static or a jdbc_streaming filter, but the general idea is that the plugin stores data from the query in a field that you can access in a conditional in the filter section.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.