Drop logs when there is a jsonparsefailure

Deb · September 4, 2015, 7:27am

Hi,

I am trying to push some of our logs to elasticsearch via logstash. Can some one let me know how can I drop the logs in logstash itself if the logs are not in proper json format , before they are being pushed to elasticsearch.

I can see a _jsonparsefailure in thetagsarray. But I am not sure how to search in thetagsarray for_jsonparsefailurestring and drop the log event? Can someone let me know thefilter` config for the logstash?

magnusbaeck · September 4, 2015, 7:33am

filter {
  if "_jsonparsefailure" in [tags] {
    drop { }
  }
}

See the conditionals documentation.

Deb · September 4, 2015, 7:34am

Found in the logstash doc the in conditional

filter {
  if "_jsonparsefailure" in [tags] {
        drop { }
  }
}

Deb · September 4, 2015, 7:35am

Thanks @magnusbaeck

Topic		Replies	Views
If _jsonparsefailure in [tags] Logstash	4	8784	February 26, 2017
Drop logs on the basis _jsonparsefailure Logstash	4	1378	November 6, 2018
Logstash parse only JSON messages Logstash	3	376	June 29, 2018
Silence json parse failures from Logstash logs? Logstash	2	752	May 12, 2017
_jsonparsefailure with grok in Logstash Logstash	3	470	April 9, 2020

Drop logs when there is a jsonparsefailure

Related Topics