How can we use "filter" settings in logstash-input-journald plugin?


Please let me know in detail how to use filter keyword in logstash input configuration of logstash input jouranld plugin?

my aim to parse only some logs not all so how to do that.

use of this .....

Filter on events. Not heavily tested.

config :filter, :validate => :hash, :required => false, :default => {}


The filter hash is just passed to the filter function of the journal object, so I would check the documentation for that.

Note that the journald input is a proof-of-concept, not a fully supported plugin.

Thanks Badger,

i am new in logstash, Can you please explain it in detail with example.

The documentation I linked to includes an example.

Thanks Badger, yes documentation is needful

Hi Badger,

i am using "filter => {syslog_identifier => 'su'}" in input configuration, but it is not showing any affect to use filter setting with journald plugin.

please let me know the right way to use this.

i am using input as below mention

input {
journald {
#filter => 'SYSLOG_IDENTIFIER=su'
lowercase => true
seekto => "tail"
thisboot => true
type => "journald"
tags => [ "journald" ]
path => "/run/log/journal"
sincedb_path => "/tmp/.sincedb_journal"
#filter { SYSLOG_IDENTIFIER => "su" }
filter => {syslog_identifier => 'su'}

my aim to filter only "_comm" => 'su'.

Badger, can you explain above query.

Hi Badger,
please do reply i am also interested to know the answer.
please suggest one example to use filter in input journald plugin.

Hi Badger,

Can you please help us to know this input configuration to use filter in journald plugin

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.