Hi,
Need to filter data based on specific dates and days.
Suggest any filter plugin that will fulfil my requirement.
Thanks
You can use ruby filter with the specific condition something like the below if you are getting the day in the logline
ruby {
code => "event.cancel if "Day" = "Sunday""
}
If you want to drop events then you can either use a drop {} filter (if you can identify the events using a logstash conditional) or use event.cancel within a ruby filter to implement much more complicated filtering of events.
How to choose between them will require a more detailed problem specification. For example, do you want to drop everything from a certain list of dates, or everything on a Saturday? Is this based on [@timestamp] or some other field?
Please show a field you want to filter on, either from the output of output { stdout { codec => rubydebug } }, or else JSON from Kibana, as well a specific example of filtering that you want to implement.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.