Hi Guys
im having trouble to add filter on respons_code
in kibana im doing it easily : response_code:[400 TO 600]
how to translate it to grok and filter in filter.conf ?
Thanks
I am not sure I understand the question.
Is this for Logstash grok ?
What is an example string you want to parse ?
What are the parts you want as the result of the parsing ?
Hi
Thanks for the fast response
yes it for logstash grok
im trying to do something like this
json{
if ["_source"]["response_code"] is not between "400..600"
drop { }
}
i have messages that im collecting and I want to see only the messages that are relevant for me
which means only those who holds in response code the range between 400 TO 600 if it is not in the range i don't want them to be seen at all in kibana
any idea the piece of code i wrote doesn't wok ... 
Thanks
I think this is the conditional you want (in the filter section):
if [response_code] >= 400 and [response_code] <= 600 {
drop {}
}
}
Usually with Logstash you are not working against the _source root (unless you are using the elasticsearch input). Also, the conditional should be outside the filter, in your example the json{} block should before or after the conditional, not around it.
hope this helps.
Hi
thank you this what i needed ...
if [response_code] =~ "^[1-3]" {
drop { }
}
thank you very much
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.