Hello, I was wondering on how I would go about taking only specific pieces of data from a log instead of passing the entire log to elasticsearch. Is there a way to currently do this?
Logstash has to read the entire file, but you can use filters to drop data you don't want
filter{
if [message] =~/DEBUG/) {
drop{}
}
}