Hi,
I am receiving a bulk of 'NOTICE' alerts from my logs, so I want to change those logs to INFO instead of NOTICE. For this I am using the filter below:
if [program] == "logstash_alerts" and "Error getting for log" in [message] {
  mutate {
    replace => { "severity_label" => "INFO" }
  }
}
My intention is: when the program name is logstash_alerts and "Error getting for log" is in the message, change the severity_label to INFO. I am able to replace it, but when I save the logs with the output filter below, NOTICE is still there. Could anyone please help me with this?
file {
  path => "/hom/local/trap_testing/1.log"
  codec => line { format => "%{message}" }
}