Filter specific Message with logstash before sending to ElasticSearch


I had like to know if it is possible to send only specific log messages to elasticsearch via logstash? E.G let's say I have these messages in my log file:

2015-08-14 12:21:03 [31946] PASS level2 level2
2015-08-14 12:25:00 [2492] domainlist "/etc/ufdbguard/blacklists/filehosting/domains
2015-08-14 12:21:03 [31946] PASS level2 level2

I had like to skip the second line when logstash/log forwarder process this log, is it possible to instruct it to skip any log message with the keyword 'domainlist'? Or allow only log messages with the keyword 'PASS'?

Thanks in advance for your help :smile:

Use a conditional:

output {
  if "PASS" in [message] {
    elasticsearch {
1 Like

Thanks for your help :slight_smile: