So I'm trying to filter out an event code in my Logstash conf file.
So I have the basic conf:
input { beats { port => .... type => "log" } }
To filter, I put this:
filter { if [type] == "wineventlog" and [event_id] == 33205 { drop { } } }
... this filter doesn't work and gives me errors?
What are the errors?
I figured out my error from another post in the forum. Thank you. I'm supposed to do
if [winlog][event_id] == 33205 { drop { } }