Drop message based on lookup table content?

andre22 · December 28, 2018, 2:05pm

Hi all, I want to drop some messages in Logstash when they contain specific strings, which I would like to maintain in a separate file so I can edit this as needed.

An example: the field "syslog_message" contains (or equals) "Started Proxmox VE replication runner." or "domain" is "bookmarks.fe.apple-dns.net ".

How can this be done?

Thank you
andre

warkolm · December 28, 2018, 9:49pm

The three ways I can think of this are;

Just add it to the config and then use dynamic reloading
Use a translate table lookup to add a tag you can then conditionally drop
Do the same thing as 2, but use an Elasticsearch index to look it up

system · January 25, 2019, 10:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop messages that end with specific substring Logstash	3	645	August 26, 2021
Need help dropping specific messages Logstash	5	304	August 25, 2023
Drop the complete message containing specific strings Logstash	9	6958	October 3, 2019
Creating drop filters based on a string search in a message field Logstash	13	38918	November 4, 2022
[SOLVED] Drop filter issue Logstash	5	836	July 6, 2017

Drop message based on lookup table content?

Related Topics