Elasticsearch ingest pipeline drop processor no worky :(

nilsenj · September 10, 2019, 1:07pm

Hello fellow log ingestors,

I have an ingest pipeline to ingest logs however I want to drop the document if it contains a certain string in the message field. I am trying to use the drop processor for this but the document does not seem to get dropped.

I have the following drop processor:

"drop": {
               "if" : "ctx.message == '(^commit{dir=.+)'"
            },

I am expecting this to drop any document with a matching expression in the message field but this is not happening. Am I misunderstanding how this processor works?

Thanks

nilsenj · September 11, 2019, 12:55pm

Ok, so after much googling I found this https://github.com/elastic/elasticsearch/issues/36150.

This is a known bug which is fixed in 7.4

system · October 9, 2019, 12:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop document in ingest pipeline Elasticsearch	4	2368	April 24, 2019
Help with an if statement in a drop processor Elasticsearch ingest-pipeline	3	341	September 7, 2021
Drop processor in Ingest Pipeline Elasticsearch	4	855	February 1, 2018
Ingest Processor Conditional Elasticsearch	2	551	July 7, 2020
Ingest pipeline should work based on conditions Elasticsearch	2	367	July 18, 2020

Elasticsearch ingest pipeline drop processor no worky :(

Related Topics