Hello,
I need to filter logs in order to get only the messages beginning with "CALL_END".
This is an example of the logs:
Here is my Logstash config file:
```
input {
  udp {
    port => 2514
    type => "syslog"
  }
}
filter {
  if "CALL_END" in [message] {
    grok {
      match => {
        "message" => "(?[^|]) \|%{WORD:method} | %{WORD:SBC} | %{WORD:name3}@%{IP:IP2} |(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?<Term_raison>[^|])|(?[^|])|(?<Initialising_call>[^|])|(?<Start_call>[^|])|(?<End_call>[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])|(?[^|])"
      }
    }
  }
}
output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}
```
But the filter is not working.
Any help, please?
Thanks in advance
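The two things the conditional and the grok pattern above have to get right are (1) "begins with CALL_END" is an anchored match, not a substring test, and (2) a pipe-delimited field capture needs a quantifier (`[^|]*`), because a bare `[^|]` matches exactly one character. The following Python script is an added example written for this thread, not code from the original poster or from Logstash; it reproduces both checks over a few constructed log lines so the difference can be seen before touching the pipeline. The sample lines, the field layout and the field names (`event`, `method`, `sbc`, `name`, `ip`) are assumptions made for the example.

```python
import re

# Constructed sample lines (not from the original post); the pipe-separated
# layout is an assumption made for this example.
SAMPLE_LOGS = [
    "CALL_END |INVITE | SBC1 | alice@10.0.0.5 | 2 | 486 | ...",
    "CALL_START |INVITE | SBC1 | bob@10.0.0.6 | 1 | 100 | ...",
    "AUDIT: operator searched for CALL_END records",
]

# Anchored test, the semantics of the Logstash conditional
#   if [message] =~ /^CALL_END/
PREFIX_RE = re.compile(r"^CALL_END")

# Equivalent of a grok pattern built from (?<field>[^|]*) captures joined by \|.
# Every field carries a * quantifier: a bare [^|] would consume one character
# and the pattern would fail on any field longer than that.
HEADER_RE = re.compile(
    r"^(?P<event>[^|]*)\|(?P<method>\s*\w+\s*)\|(?P<sbc>[^|]*)\|"
    r"(?P<name>[^|@]*)@(?P<ip>[^|]*)\|(?P<rest>.*)$"
)


def starts_with_call_end(message):
    """True only when the message begins with CALL_END (anchored match)."""
    return PREFIX_RE.match(message) is not None


def contains_call_end(message):
    """Substring test, the semantics of  if "CALL_END" in [message]."""
    return "CALL_END" in message


def parse_call_end(message):
    """Return the parsed fields of a CALL_END line, or None if it does not match.

    A line that passes the prefix test but not the layout is what Logstash
    would tag with _grokparsefailure.
    """
    if not starts_with_call_end(message):
        return None
    m = HEADER_RE.match(message)
    if m is None:
        return None
    fields = {k: v.strip() for k, v in m.groupdict().items()}
    # remaining pipe-separated values, trimmed, kept in positional order
    fields["rest"] = [f.strip() for f in fields["rest"].split("|")]
    return fields


def filter_call_end(lines):
    """Keep only the lines that start with CALL_END and parse cleanly."""
    out = []
    for line in lines:
        parsed = parse_call_end(line)
        if parsed is not None:
            out.append(parsed)
    return out


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(f"prefix={starts_with_call_end(line)!s:5} "
              f"substring={contains_call_end(line)!s:5}  {line}")
    for rec in filter_call_end(SAMPLE_LOGS):
        print(rec)
```

The third sample line is the case that separates the two conditionals: it contains the string CALL_END but does not begin with it, so `in [message]` lets it into the grok filter (where it then fails to parse) while the anchored `=~ /^CALL_END/` drops it before grok runs.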