Exclude particular domain name in logstash grok filter section

Hi,

I want to exclude a certain domain name (*.com) from my messages when storing them in Elasticsearch.

How do I specify this in the grok filter section?

Thanks,

You don't do it in grok, you should grok the message and then drop it - https://www.elastic.co/guide/en/logstash/current/plugins-filters-drop.html - using a conditional.

Hi,

I have tried it like this, but it does not work for me.

if [hostname] == "domain name" {
  drop { }
}

Without knowing what the hostname field actually looks like we can't tell what's wrong.

Hi,

The hostname field actually looks like *.abc.com

Thanks

It's literally "*.abc.com" or a string that ends with ".abc.com", like "some-random-hostname.abc.com"? In the latter case use a regexp match conditional:

if [hostname] =~ /\.abc\.com$/ {
  drop { }
}
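
Added example, not part of the original thread: a Ruby stand-in for the three ways the conditional could be written, run over constructed hostnames to show which events survive the drop. It assumes Ruby regexp semantics as a model of the Logstash conditional; the function names and sample hostnames are hypothetical.

```ruby
# Constructed sample values for the [hostname] field.
SAMPLE_HOSTNAMES = [
  "some-random-hostname.abc.com", # ordinary subdomain
  "abc.com",                      # bare domain, no leading dot
  "xabc.com",                     # different domain that merely ends in "abc.com"
  "web.abc.com.example.net",      # "abc.com" appears, but not at the end
  "WEB.ABC.COM",                  # upper-case variant
  "*.abc.com"                     # the literal string with an asterisk
].freeze

# Models: if [hostname] == "*.abc.com"
# String equality only; "*" is not expanded as a wildcard.
def literal_equal?(hostname)
  hostname == "*.abc.com"
end

# Models: if [hostname] =~ /\.abc\.com$/
# Dots escaped and pattern anchored at the end, as in the answer above.
def suffix_match?(hostname)
  !!(hostname =~ /\.abc\.com$/)
end

# Models a loosely written pattern: dots unescaped, no anchor.
# Each "." matches any character, and the match may occur anywhere.
def loose_match?(hostname)
  !!(hostname =~ /.abc.com/)
end

# Returns the hostnames that are NOT dropped under the given predicate.
def surviving(hostnames, predicate)
  hostnames.reject { |h| send(predicate, h) }
end

%i[literal_equal? suffix_match? loose_match?].each do |predicate|
  puts "#{predicate}: kept #{surviving(SAMPLE_HOSTNAMES, predicate).inspect}"
end
```

The anchored pattern keeps the bare `abc.com` and the upper-case variant, so those need their own condition if they should be dropped as well.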