Hi,
Please let me know in detail how to use filter keyword in logstash input configuration of logstash input jouranld plugin?
my aim to parse only some logs not all so how to do that.
use of this .....
#
config :filter, :validate => :hash, :required => false, :default => {}
thanks
The filter hash is just passed to the filter function of the journal object, so I would check the documentation for that.
Note that the journald input is a proof-of-concept, not a fully supported plugin.
Thanks Badger,
The documentation I linked to includes an example.
Thanks Badger, yes documentation is needful
Hi Badger,
i am using "filter => {syslog_identifier => 'su'}" in input configuration, but it is not showing any affect to use filter setting with journald plugin.
please let me know the right way to use this.
i am using input as below mention
input {
journald {
#filter => 'SYSLOG_IDENTIFIER=su'
lowercase => true
seekto => "tail"
thisboot => true
type => "journald"
tags => [ "journald" ]
path => "/run/log/journal"
sincedb_path => "/tmp/.sincedb_journal"
#filter { SYSLOG_IDENTIFIER => "su" }
filter => {syslog_identifier => 'su'}
}
}
my aim to filter only "_comm" => 'su'.
Badger, can you explain above query.
Hi Badger,
please do reply i am also interested to know the answer.
please suggest one example to use filter in input journald plugin.
Hi Badger,
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.