Filter Not Working (Version 2.3.1)

VenkataMR · May 1, 2016, 3:29pm

New to Logstash, was trying to filer certain messages which have matching either of INFO, ERROR, WARNING and having time stamp in certain format only. I don't want any other message by having bellow filter.

filter { date { match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ] } grok { match => [ "message" , "INFO" ] } grok { match => [ "message" , "ERROR" ] } grok { match => [ "message" , "WARNING" ] } }
But i see messages like below were as well getting filtered.
qqqqqqqqqqqqqqqqqqqqqqqqq or aaaaaaaaaaaaaaaaaaaaaaa

Something missing in the filter?

Thanks

warkolm · May 1, 2016, 10:28pm

So you don't want messages with INFO/ERROR?WARNING, and with that date format to be processed?

VenkataMR · May 2, 2016, 2:05am

I want messages which contain INFO or ERROR or WARNING or having timestamp to be filtered to output. Rest all messages should be stopped for writing to output stream.

VenkataMR · May 5, 2016, 12:51pm

Any issue with the configuration

fbaligand · May 5, 2016, 5:09pm

grok is useful to transform an unstructured message to a document.
It's not done to remove some messages.

If you want to do that :

if [message] !~ "INFO|WARNING|ERROR" {
  drop{}
}

Topic		Replies	Views
Date filter does not work Logstash	4	360	May 1, 2021
Why is this logstah filter not working as intended? Logstash	2	290	September 13, 2020
Date Filter Doesn't Work Logstash	6	923	November 2, 2018
Date filter issues Logstash	3	485	July 6, 2017
Date FIlter - _dateparsefailure [SOLVED] Logstash	21	21602	November 4, 2022

Filter Not Working (Version 2.3.1)

Related topics