Filter on a number in a log catch

pir1981 · November 12, 2017, 8:38pm

Hi,

I have a message

filebeat -- ERROR -- Nov 11 23:59:34 server25 smartd[12032]: Device: /dev/sda [SAT], SMART Prefailure Atribute: 1Raw_Read_Error_Rate changes from XX to YY

Where XX is a number and YY is a number i.e. "83 to 77" or "89 to 100"... Both are different most of the time, not just to each other, but to previous messages as well.
I keep getting this message multiple times a day and would like to only get it when YY drops below ... I guess about 50. I am very new to logstash how can I filter out only YY, change ERROR to WARNIG if it is above 50 and otherwise leave it unchanged if below 50.

Thanks

magnusbaeck · November 14, 2017, 6:27am

Use a grok filter to extract the numbers into separate fields, then wrap a conditional around additional filters that e.g. update the loglevel field or whatever it is you want to do.

Topic		Replies	Views
Passing only loglevel ERROR FROM LOG USING GROK FILTRATION Logstash	7	452	November 25, 2020
Logstash filter on number Logstash	3	299	May 5, 2020
How can I check loglevel with use of If else condition in logstash filter? Logstash	3	1533	October 31, 2020
How to filter the logs which has the numeric value greater than specific number in particular field? Logstash	6	10406	July 6, 2017
Logstash, if statement Logstash	3	260	December 15, 2020

Filter on a number in a log catch

Related topics