How to filter data from beat in logstash

IL_Mare · February 5, 2021, 3:31pm

Hello. I need to add data comes from beats to ElasticSearch. But before I need to filter to keep only records that have "status" and status is not "sent". I wrote next configuration for it.

input {
  beats {
    port => 5055
  }
}

filter {
  if ["status="] not in [message] {
    drop{}
  }
  if ["status=sent"] in [message] {
    drop{}
  }
}

As result I got "TypeError: can't convert nil into String". I suppose the reason is "message" field but I didn't manage to understand the name of field that contain all text. Thanks for responses.

PS: The data to beats sent from filebeat.

system · March 5, 2021, 3:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat and parsing Beats	3	648	July 12, 2017
How to filter beat data by version on logstash? Logstash	3	629	August 22, 2020
Filters in filebeat Beats filebeat	2	1274	February 28, 2017
Modifying / using beats field in logstash filter Logstash	2	829	October 31, 2017
Add filter to send specific fields to elasticsearch Logstash	12	1618	March 12, 2019

How to filter data from beat in logstash

Related topics