Drop message if tag is search and message has multiple strings

Abinnd_G · September 20, 2019, 8:44pm

I am looking for dropping a message from the tag search if message has
the following strings.

if "WARN" in [message] { drop{ } }
if ".java:" in [message] { drop{ } }
if "has open connections " in [message]

How can I achieve this, will the below approach work

filter {
if "search" in [tags] and [message] =~ /(WARN|has open connections|.java:)/ { drop{} }
}

Badger · September 20, 2019, 8:50pm

I would expect that to work.

Abinnd_G · September 24, 2019, 10:46am

No its not working.

Messages are not getting dropped.

system · October 22, 2019, 10:46am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop the complete message containing specific strings Logstash	9	7010	October 3, 2019
Drop if message contains text from a List of Strings Logstash	2	6859	September 4, 2018
Creating drop filters based on a string search in a message field Logstash	13	38944	November 4, 2022
Drop messages that end with specific substring Logstash	3	648	August 26, 2021
How to drop event in logstash Logstash	4	2191	September 21, 2018