Keyword filter

Alexas · March 14, 2019, 1:44pm

Configured in which there is an input and output file
input
{
file
{
path => "/ home / sonic / log / vs01 / test_new.log"
start_position => "beginning"
ignore_older => 0
sincedb_path => "/ dev / null"
}}

output
{
file
{
path => "/ home / sonic / log / vs01 / test_out.log"
}}

We have several unnormalized logs (see example)
You do not need to parse the logs, you need to find a line in which there are several keywords, for example: "F19021 out" and only write this word in the output file

How to do it?

Example log:
: 50K: / 47
IN08.PP770
GRUPPm
: 53B: / 3
: 59: / 40
IN77.PP773
NTO
m
: 70: PO TU n49 OT 01.31.19G. V
T.c. S (2.00): 14-44
: 71A: OU
F19021 out
: 72: /RPP/27.1913.01
/ DAS / 1900 + VP
F19021
-}
[19/02/13 23:08:25] ID = esbBqSwMQ (info) [SwMQ.srv.WMQJMSSender] Initializing Converter Using default bean configuration .....
[19/02/13 23:08:25] ID = esbBqSwMQ (info) [SwIMQ.srv.WMQJMSSender] Successful in sending message
[19/02/13 23:08:25] {108: 00}} {4:
: 20: + F19021 out
: 23B: CR
: 32A: 1900.00

guyboertje · March 14, 2019, 3:55pm

The logstash config language conditional logic syntax has support for regular expression test and negated regular expression test.

filter {
  if [message] !~ /F19021 out/ {
    drop {}
  }
}

system · April 11, 2019, 3:55pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to serach message including "keyword" and format message Logstash	1	238	October 13, 2020
PipeLine-> Filters-> (tags?)-> Is it possible to parse message by specific keywords after pattern parsing log message Logstash	5	1484	March 27, 2019
Logstash if condition regex Logstash	5	6504	April 8, 2020
Logstash grep and grok Logstash	4	1245	November 15, 2020
Conditional Filter issue Logstash	4	314	May 14, 2020

Keyword filter

Related Topics