How to send logs to http output plugins conditionally

I have one application that I need to monitor which sends the same logs until that error is resolved. Now, I need to send a notification to Slack when this particular error occurs.

Consider these two sample logs:

{"@timestamp":"2020-07-31T18:04:23.924Z", "syslog5424_msg":"System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure."}

{"@timestamp":"2020-07-31T18:04:25.194Z", "syslog5424_msg":"System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure."}

The app I need to monitor sends the above logs with a timestamp difference of a few seconds, and if I send the stream of logs to Slack, the channel will flood with this alert.

What I'm trying to achieve is to send an alert every 30 seconds. For that, I'm thinking of taking the timestamp difference between two logs, and if the difference is 30 sec, send the alert to Slack, else send it to Elasticsearch.

My question is how do I keep track of the previous log's timestamp. I'm aware that Logstash reads logs in-stream, so is it possible to store the timestamp of the previous log and compare it with the current log?

filter {
  # Escape every literal dot and use \s between all words, otherwise the match is looser than intended
  if [syslog5424_msg] =~ /System\.Security\.Authentication\.AuthenticationException:\sThe\sremote\scertificate\sis\sinvalid\saccording\sto\sthe\svalidation\sprocedure\./ {
    mutate {
      add_tag => ["Slack"]
    }
  }
}
output {
  if "Slack" in [tags] {
    http {
      http_method => "post"
      url => "https://hooks.slack.com/services/xxx/xxx/xxx"
      format => "message"
      message => '{ "channel": "alerts", "text":"warning" }'
    }
  }
}

This has an example of how to process conditionally based on age.

But how do I keep track of previous log timestamp?

Sorry, I answered a different question. You should be able to achieve what you want using a throttle filter.
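A pipeline along the lines of that reply, written here as an added example (not from the thread or the Logstash project): the throttle filter keeps the per-key counter so nothing has to track the previous timestamp by hand. The Elasticsearch host, the index name and the Slack webhook URL are placeholders.

```conf
# Added example: first matching error per 30-second window goes to Slack,
# every event (throttled or not) still goes to Elasticsearch.
filter {
  if [syslog5424_msg] =~ /System\.Security\.Authentication\.AuthenticationException:\sThe\sremote\scertificate\sis\sinvalid/ {
    mutate { add_tag => ["Slack"] }

    # throttle counts events per key and period. Events beyond after_count
    # inside one period get the "throttled" tag; keying on the message text
    # means distinct errors are rate-limited independently of each other.
    throttle {
      key         => "%{syslog5424_msg}"
      period      => 30          # seconds per window
      after_count => 1           # first event in a window passes, the rest are tagged
      max_age     => 60          # keep timeslots at least twice the period (bounds memory)
      add_tag     => ["throttled"]
    }
  }
}

output {
  # All events land in Elasticsearch, so nothing is lost by rate-limiting Slack.
  elasticsearch {
    hosts => ["http://localhost:9200"]   # assumed endpoint
    index => "app-%{+YYYY.MM.dd}"
  }

  # Only the un-throttled copy of the error reaches the webhook.
  if "Slack" in [tags] and "throttled" not in [tags] {
    http {
      http_method => "post"
      url         => "https://hooks.slack.com/services/xxx/xxx/xxx"   # webhook placeholder
      format      => "json"
      mapping     => {
        "channel" => "alerts"
        "text"    => "Certificate error: %{syslog5424_msg}"
      }
    }
  }
}
```

With the error repeating every few seconds, Slack receives at most one message per 30 seconds per distinct message text, while Elasticsearch keeps the full stream for investigation.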
