I want to index only the logs contain the word "production" , anywhere in the log .
if the word " production" not present in log ... i dont want to index that line
if [message] !~ "production" { drop {} }
1 Like
Thank you badger . It is working well . May i add one more word with this production .
Like Production or Deliver
I want to drop the lines those not contains Production or Deliver.
If you want to keep lines only if they contain both then
if [message] !~ "production" or [message] !~ "deliver" { drop {} }
If you want to keep lines that contain either then
if [message] =~ "production" or [message] =~ "deliver" {} else { drop {} }This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.