Hello, I was wondering on how I would go about taking only specific pieces of data from a log instead of passing the entire log to elasticsearch. Is there a way to currently do this?
Logstash has to read the entire file, but you can use filters to drop data you don't want
filter{
if [message] =~/DEBUG/) {
drop{}
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.