Drop message based on lookup table content?

andre22 · December 28, 2018, 2:05pm

Hi all, I want to drop some messages in Logstash when they contain specific strings, which I would like to maintain in a separate file so I can edit this as needed.

An example: the field "syslog_message" contains (or equals) "Started Proxmox VE replication runner." or "domain" is "bookmarks.fe.apple-dns.net ".

How can this be done?

Thank you
andre

warkolm · December 28, 2018, 9:49pm

The three ways I can think of this are;

Just add it to the config and then use dynamic reloading
Use a translate table lookup to add a tag you can then conditionally drop
Do the same thing as 2, but use an Elasticsearch index to look it up

system · January 25, 2019, 10:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop if message contains text from a List of Strings Logstash	2	6859	September 4, 2018
Drop messages that end with specific substring Logstash	3	648	August 26, 2021
Drop message if tag is search and message has multiple strings Logstash	3	495	October 22, 2019
Drop filter not working Logstash	4	1737	July 6, 2017
Need help dropping specific messages Logstash	5	306	August 25, 2023

Drop message based on lookup table content?

Related topics