Dropping logs in logstash

Rupesh_Ranjan · March 30, 2017, 11:35am

Is there any way where i can discard some logs from a log file in case, they match certain query?

for example, i have a log file test-sample.log which has these logs:

abc failed due to something
warning is generated
abc failed due to something

so i want to take whole test-sample.log for log checking, but i want to forward only those lines which contain word "failed" (line 1 and 3 in this case) , to elasticsearch.

magnusbaeck · March 30, 2017, 12:02pm

Use a drop filter and wrap it in a conditional.

if [fieldname] =~ /failed/ {
  drop { }
}

Rupesh_Ranjan · March 30, 2017, 12:45pm

Wow, That helped. Thanks.

Rupesh_Ranjan · March 31, 2017, 6:38am

Does that work for regex comparisons too?

e.g.

if [fieldname] =~ /fa*/ {
drop { }
}

P.S. I am using logstash version 5.2.2.

magnusbaeck · March 31, 2017, 6:40am

Yes, see https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html.

system · April 28, 2017, 6:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Creating drop filters based on a string search in a message field Logstash	13	38944	November 4, 2022
Logstash Grep and Drop Logstash	4	3556	July 6, 2017
Logstash drop filter plugin Logstash	2	198	January 3, 2023
How to drop event in logstash Logstash	4	2191	September 21, 2018
How to drop the following documents? Logstash	3	123	May 29, 2024

Dropping logs in logstash

Related topics