ELK | Logging | filter out specific ip's generated WARNs?

Hi elk lovers,
in our Company we are subjected daily to security penetration tests.
All these tests are originated by a specific static ip.
Our elasticsearch log is therefore filled up with WARNs, especially:
[2023-10-28T04:23:02,253][WARN ][o.e.h.AbstractHttpServerTransport] [nodename] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/nodeip:9200, remoteAddress=/remoteaddr:49258}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context

Do you have any advise on how to filter out this specific case from the log?
Note that I'm not willing to generally stop having this WARN type in the log, but only those generated by specific remote client.

I appreciate any support you could give.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.