I want drop logfile mean shoudn't export to elasticsearch, like if any log message contains "monitoring" keyword i want to drop that event. can any anyone suggest me how to do that ?
filter {
if [loglevel] == "debug" {
drop { }
}
}
The above example will drop the event when loglevel debug, but drop event when log message contains "monitoring" keyword
if "monitoring" in [message] {@magnusbaeck thanks it worked. how to set 2 keywords?
example :
if "monitoring" and " harvestor" in [message] {
if "x" in [message] and "y" in [message] {
You can also use a regular expression.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.