Hello everyone, I'm trying to implement a Logstash filter that drops syslogs messages that end with a specific substring, something like this:
filter {
if [message].endsWith("substring") {
drop {
}
}
}
Has anyone here implemented such a filter? If so can you please share with me how this can be done?
Thank you
Hi,
I think the easiest way to do that is, like you suggest, with conditions.
According to the documentation, you can use regexp in conditions. So, you have to create a regex who recognised every message who end with the substring, if the pattern match your message then drop the event.
if [message] =~ /^.*substring$/ {
drop {}
}
Cad.
I had to slightly modify the regex but this worked. Thank you!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.