I want to replace severity_label with INFO instead of NOTICE

Hi,

I am receiving a bulk of 'NOTICE' alerts from my logs, so I want to modify those logs to INFO instead of NOTICE. For this I am using the filter below:

if [program] == "logstash_alerts" and "Error getting for log" in [message] {
  mutate {
    replace => { "severity_label" => "INFO" }
  }
}

My intention is that when the program name is logstash_alerts and "Error getting for log" appears in the message, the severity_label is changed to INFO. I am able to replace it, but when I save the logs with the output below, they still show NOTICE only. Could anyone please help me with this?

file {
  path => "/hom/local/trap_testing/1.log"
  codec => line { format => "%{message}" }
}
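
The pipeline described in the post above, as an added example that is not part of the original post: `mutate { replace }` changes the `severity_label` field on the event, while a `line` codec with `format => "%{message}"` writes only the `message` field, so the file shows the new value only if the format references that field. The `generator` input, the sample message, and the initial field values are constructed for illustration.

```logstash
# Added example with constructed sample data; not the poster's configuration.
input {
  generator {
    count => 1
    lines => [ "Error getting for log /var/log/app.log" ]   # constructed sample message
    add_field => {
      "program"        => "logstash_alerts"
      "severity_label" => "NOTICE"
    }
  }
}

filter {
  if [program] == "logstash_alerts" and "Error getting for log" in [message] {
    mutate {
      # Changes the severity_label field on the event; [message] is left untouched.
      replace => { "severity_label" => "INFO" }
    }
    # Alternative, assuming the word NOTICE appears literally inside [message]:
    # mutate { gsub => [ "message", "NOTICE", "INFO" ] }
  }
}

output {
  file {
    path => "/hom/local/trap_testing/1.log"
    # "%{message}" alone writes only the message text, so the field changed
    # above never reaches the file. Reference the field explicitly:
    codec => line { format => "%{severity_label} %{program} %{message}" }
  }
}
```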
