Hi,
I implemented an ELK Stack about a week ago and we have received over 16 million entries, the majority of which are not necessarily useful, and we are looking into filtering them out.
Our incoming data is syslog and there is a field called syslog_program which we want to filter on, as the majority of our incoming data has RT_FLOW as syslog_program.
How can I tell Logstash to discard any RT_FLOW events so they are not saved and do not take up storage on our server?
What's already there is fine; we just want to make sure that in the future RT_FLOW events are ignored, as they are the majority and useless.
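One way to do this in Logstash is a conditional `drop` filter. The pipeline below is an added example, not configuration from the original post; it assumes the field `syslog_program` is populated by the standard syslog grok pattern from the Logstash documentation (shown here so the example is complete) and that the listener port and Elasticsearch host are placeholders to be replaced with your own.

```logstash
# Added example (not from the original post): discard RT_FLOW syslog events
# before they reach the output stage, so they are never indexed.
input {
  tcp {
    port => 5514            # placeholder: your existing syslog listener
    type => "syslog"
  }
}

filter {
  if [type] == "syslog" {
    # Standard syslog grok pattern from the Logstash docs; it is what sets
    # the [syslog_program] field this example filters on. If your pipeline
    # already sets syslog_program some other way, keep that and drop this.
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    }

    # The drop must come AFTER the filter that populates syslog_program;
    # Logstash applies filters in the order written, and a field that has
    # not been set yet will never match the condition.
    if [syslog_program] == "RT_FLOW" {
      drop { }
    }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]   # placeholder
  }
}
```

Before restarting, validate the file with `bin/logstash --config.test_and_exit -f /path/to/pipeline.conf`; a typo in a conditional otherwise stops the whole pipeline rather than just the filter. RT_FLOW is the program name Juniper SRX firewalls use for session logs, so if these events come from a firewall it is worth checking whether some of them (denied sessions, for example) have detection value before dropping them all; the condition can be narrowed to `if [syslog_program] == "RT_FLOW" and [syslog_message] !~ /SESSION_DENY/` to keep only the deny records.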