Experts:
I would like to drop all the events and process only those events which match .1. criteria in the message.
I have written as below but not working. Could you please help how to write using regex.
if [message] !~ /*.1.*/{
drop {}
}
I observed nothing is written to the elasticsearch index.
Any thoughts ?
* doesn't mean what you think it means, and periods must be escaped. Regular expression solution:
if [message] !~ /\.1\./ {
A probably quicker option:
if ".1." not in [message] {Thank you for the info Magnus. It worked and resolved my issue and also saved time.
Thank you so much.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.