Drop message based on lookup table content?

andre22 · December 28, 2018, 2:05pm

Hi all, I want to drop some messages in Logstash when they contain specific strings, which I would like to maintain in a separate file so I can edit this as needed.

An example: the field "syslog_message" contains (or equals) "Started Proxmox VE replication runner." or "domain" is "bookmarks.fe.apple-dns.net ".

How can this be done?

Thank you
andre

warkolm · December 28, 2018, 9:49pm

The three ways I can think of this are;

Just add it to the config and then use dynamic reloading
Use a translate table lookup to add a tag you can then conditionally drop
Do the same thing as 2, but use an Elasticsearch index to look it up

Topic		Replies	Views
Drop filter not working Logstash	4	1788	July 6, 2017
Drop if message contains text from a List of Strings Logstash	2	6933	September 4, 2018
Dropping logs in logstash Logstash	5	2860	April 28, 2017
Drop the complete message containing specific strings Logstash	9	7735	October 3, 2019
Where should I drop records? And how? Logstash	3	344	November 16, 2020

Drop message based on lookup table content?

Related topics