Need your expert advise on how can I configure my logstash.conf file to forward only the ERROR OR WARN log lines to Splunk. I have done some online research that a grok filter or wrapping the output with if condition can be used in order the acheive the required result.
I prefer not to send the data with INFO OR DEBUG logging levels to Splunk, therefore, looking forward to getting some clean solution to implement it in logstash config file to control the data which is sent to Splunk.
Please advise how logstash.conf should be updated to achieve the required result.
I would appreciate if you could share a working example on the same.