How to push droped events into elastic search

rahulkothanath · May 26, 2019, 2:54pm

I have to index dropped events from filter plugin into elastic search . below is a sample code.

filter{

grok {
       match =>{ "message" => "(?<tran_type_isg>(?<=^.{58}).{3})(?<trash>.{11})(?<tran_type_ab>.{3})"}
       
       }
#checking transaction type and parsing
 if [tran_type_ab] == "ABC"{
     #do something
	 match => { "message" => "(?<CRD_NO>(?<=^.{58}).{3})"  }
 } 
 else if [tran_type_ab] == "DEF"{
 #do something
 }
 else{
 
 drop{}
 #how to index dropped events into elastic search?
 }
}

I also would like to know the location where dropped events are placed if any?

thanks
for reading and helping

Badger · May 26, 2019, 3:19pm

They are not placed anywhere. They are dropped -- i.e. deleted. If you want to index them then do not drop them.

system · June 23, 2019, 3:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop event Logstash	8	6824	May 9, 2018
Elasticsearch filter plugin Logstash	1	479	September 7, 2017
Index matched patterns and drop unmatched Logstash	2	617	June 4, 2019
Attempting to use drop filter to discard events that match a type and string Logstash	3	1059	July 6, 2017
Drop events if regex does not match in ElasticSearch Elasticsearch	1	1035	June 30, 2021

How to push droped events into elastic search

Related topics