Elasticsearch ingest pipeline drop processor no worky :(

nilsenj · September 10, 2019, 1:07pm

Hello fellow log ingestors,

I have an ingest pipeline to ingest logs however I want to drop the document if it contains a certain string in the message field. I am trying to use the drop processor for this but the document does not seem to get dropped.

I have the following drop processor:

"drop": {
               "if" : "ctx.message == '(^commit{dir=.+)'"
            },

I am expecting this to drop any document with a matching expression in the message field but this is not happening. Am I misunderstanding how this processor works?

Thanks

nilsenj · September 11, 2019, 12:55pm

Ok, so after much googling I found this https://github.com/elastic/elasticsearch/issues/36150.

This is a known bug which is fixed in 7.4

system · October 9, 2019, 12:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.