Drop message based on lookup table content?

Elastic Stack Logstash
1

Hi all, I want to drop some messages in Logstash when they contain specific strings, which I would like to maintain in a separate file so I can edit this as needed.

An example: the field "syslog_message" contains (or equals) "Started Proxmox VE replication runner." or "domain" is "bookmarks.fe.apple-dns.net ".

How can this be done?

Thank you
andre

2

The three ways I can think of this are;

  1. Just add it to the config and then use dynamic reloading
  2. Use a translate table lookup to add a tag you can then conditionally drop
  3. Do the same thing as 2, but use an Elasticsearch index to look it up
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.