Experts:
I would like to drop all the events and process only those events which match the .1. criteria in the message.
I have written it as below, but it is not working. Could you please help me write it using a regex?
if [message] !~ /*.1.*/{ drop {} }
I observed that nothing is written to the Elasticsearch index.
Any thoughts?
* doesn't mean what you think it means, and periods must be escaped. Regular expression solution:
if [message] !~ /\.1\./ { drop {} }
A probably quicker option:
if ".1." not in [message] { drop {} }
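The difference between the patterns in this thread, as an added example that is not part of the original posts: plain Ruby applying each pattern to constructed sample messages. It assumes Logstash conditional regexes follow Ruby regex syntax; the helper names are hypothetical.

```ruby
# Constructed sample messages; only the first two contain the literal ".1." substring.
SAMPLE_MESSAGES = [
  "iso.3.6.1.2.1.1.3.0 = Timeticks: 4242", # contains ".1."
  "firmware 2.1.7 loaded",                 # contains ".1."
  "request took 512 ms",                   # no ".1.", but "512" fits /.1./
  "user admin logged in"                   # matches nothing
].freeze

# Messages that `if [message] !~ PATTERN { drop {} }` would keep
# (assumption: Ruby regex semantics, as in Logstash conditionals).
def kept_by_regex(messages, pattern)
  messages.select { |m| m.match?(pattern) }
end

# Messages that `if NEEDLE not in [message] { drop {} }` would keep.
def kept_by_substring(messages, needle)
  messages.select { |m| m.include?(needle) }
end

# Compile a pattern from its source text; return the error message if it is
# invalid, or nil if it compiles.
def compile_error(source)
  Regexp.new(source)
  nil
rescue RegexpError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  # A leading "*" has nothing to repeat, so the original pattern is rejected.
  puts "*.1.* -> #{compile_error('*.1.*').inspect}"

  # Unescaped dots match any character, so "512" slips through the filter.
  puts "unescaped /.1./ keeps:"
  kept_by_regex(SAMPLE_MESSAGES, /.1./).each { |m| puts "  #{m}" }

  # Escaped dots and the substring test both keep only literal ".1." messages.
  puts "escaped /\\.1\\./ keeps:"
  kept_by_regex(SAMPLE_MESSAGES, /\.1\./).each { |m| puts "  #{m}" }
  puts "substring \".1.\" keeps:"
  kept_by_substring(SAMPLE_MESSAGES, ".1.").each { |m| puts "  #{m}" }
end
```
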
Thank you for the info Magnus. It worked and resolved my issue and also saved time.
Thank you so much.