Is it possible to use the elasticsearch template to create a filter template in logstash

nlh · March 2, 2018, 1:08pm

OK, so found out that auditbeat is sending the entries as a json format. So I'm guessing I need to filter with something like:

filter {
  json {
    source => "message"
    if [user.name_map.auid] == "nagios" {
      drop { }
    }
  }
}

Trying to lose the ones created by nagios. Cheers

Topic		Replies	Views
Sending Auditbeat data to Logstash Beats auditbeat	3	2303	November 4, 2022
Guidance on filtering in the logstash.conf file Logstash	7	601	March 30, 2018
Can custom created logs from Logstash be shipped to ES using Filebeat? Beats filebeat	5	1185	October 9, 2017
Not getting parsed logs to Elasticsearch but able to see in logstash Elasticsearch	1	414	October 4, 2018
Loading Index Template Beats	2	289	December 12, 2019