How can we distinguish the known issue?

Dear all experts,

I do the maintenance work for one huge system, and I use the Logstash pattern to parse the related logs to find the abnormal information. Of course Logstash will grep all of the abnormal logs according to the error pattern.

Now I have a question about handling known issues: every parsing action will generate a lot of abnormal logs, but some of them are expected for the system. Is there a method that can filter these known issue logs?

I have designed an idea: add the expected tag to every known issue record, then grep the type of tag to filter it. It works and satisfies me currently, but you know, when new expected issues are detected, I will add them to the Logstash pattern, and gradually the pattern will become too fat to execute. Therefore, do you have any other idea to handle and filter the known issue information?

Thank you.
