Hello,
I've got a couple of NGINX instances running behind an ALB in AWS. I have Logstash forwarding the instances' access logs to Elasticsearch instances. I've been trying to filter out the ELB health checks from being pushed to Elasticsearch. Something like this:
output {
  if "[@metadata][user_agent]" != "ELB-HealthChecker/2.0" {
    elasticsearch {
      hosts => "XX.XXX.XX.XXX:9200"
      manage_template => false
      index => "nginx-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
    }
  }
}
I tried going the other way too, creating a new filter and using the drop plugin. Something to the effect of:
filter {
  if "[nginx][access][user_agent]" == "ELB-HealthChecker/2.0" {
    drop {}
  }
}
Neither of these seems to exclude the health checks from Elastic.
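
Added example (not part of the original post, and not the poster's pipeline): in a Logstash conditional a bare `[a][b]` is a field reference, while the same text inside double quotes is a string literal, so a quoted left-hand side compares two constant strings regardless of the event. The self-contained pipeline below uses the bare form; the `generator` input, the constructed log lines, the grok pattern, and the `[nginx][access][agent]` field name are assumptions for illustration and should be replaced with whichever field actually holds the raw user agent string in your events.

```logstash
# Constructed sample input: one ALB health check and one ordinary request.
input {
  generator {
    count => 1
    lines => [
      '10.0.0.5 - - [01/Jan/2024:00:00:00 +0000] "GET /health HTTP/1.1" 200 2 "-" "ELB-HealthChecker/2.0"',
      '203.0.113.7 - - [01/Jan/2024:00:00:01 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"'
    ]
  }
}

filter {
  # Assumption: the raw user agent string is captured into [nginx][access][agent].
  grok {
    match => { "message" => '%{IPORHOST:[nginx][access][remote_ip]} - %{DATA:[nginx][access][user_name]} \[%{HTTPDATE:[nginx][access][time]}\] "%{WORD:[nginx][access][method]} %{DATA:[nginx][access][url]} HTTP/%{NUMBER:[nginx][access][http_version]}" %{NUMBER:[nginx][access][response_code]} %{NUMBER:[nginx][access][body_sent][bytes]} "%{DATA:[nginx][access][referrer]}" "%{DATA:[nginx][access][agent]}"' }
  }

  # Field reference is NOT quoted; only the value being compared is a string.
  # The comparison must target a string field. If a useragent filter has turned
  # the field into an object (name, os, ...), compare against the raw string instead.
  if [nginx][access][agent] == "ELB-HealthChecker/2.0" {
    drop { }
  }
}

output {
  # Only the Mozilla/5.0 event should be printed; the health check is dropped.
  stdout { codec => rubydebug }
}
```

Printing to `stdout` with the `rubydebug` codec also shows the exact field names present on each event, which is the quickest way to confirm which field to test in the conditional.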