Keyword filter


(Alexander) #1

I have a configuration with an input file and an output file:
input {
  file {
    path => "/home/sonic/log/vs01/test_new.log"
    start_position => "beginning"
    ignore_older => 0
    sincedb_path => "/dev/null"
  }
}

output {
  file {
    path => "/home/sonic/log/vs01/test_out.log"
  }
}

We have several unnormalized logs (see example)
You do not need to parse the logs; you need to find a line that contains several keywords, for example "F19021 out", and write only this word to the output file.

How can this be done?

Example log:
: 50K: / 47
IN08.PP770
GRUPPm
: 53B: / 3
: 59: / 40
IN77.PP773
NTO
m
: 70: PO TU n49 OT 01.31.19G. V
T.c. S (2.00): 14-44
: 71A: OU
F19021 out
: 72: /RPP/27.1913.01
/ DAS / 1900 + VP
F19021
-}
[19/02/13 23:08:25] ID = esbBqSwMQ (info) [SwMQ.srv.WMQJMSSender] Initializing Converter Using default bean configuration .....
[19/02/13 23:08:25] ID = esbBqSwMQ (info) [SwIMQ.srv.WMQJMSSender] Successful in sending message
[19/02/13 23:08:25] {108: 00}} {4:
: 20: + F19021 out
: 23B: CR
: 32A: 1900.00


(Guy Boertje) #2

The Logstash config language's conditional logic syntax supports regular expression tests and negated regular expression tests.

filter {
  if [message] !~ /F19021 out/ {
    drop {}
  }
}
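
A complete pipeline combining the question's paths with the filter above, as an added example that is not part of either post. The file output's default codec writes each event as JSON, so a line codec is set here to write only the original log line; the commented `or` variant for several keywords in any order is an assumption about what the question needs.

```logstash
input {
  file {
    path => "/home/sonic/log/vs01/test_new.log"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}

filter {
  # Drop every event whose line does not contain the keyword phrase.
  if [message] !~ /F19021 out/ {
    drop {}
  }

  # Variant (assumption): require both keywords anywhere on the line,
  # in any order, by dropping the event when either one is missing.
  # if [message] !~ /F19021/ or [message] !~ /out/ {
  #   drop {}
  # }
}

output {
  file {
    path => "/home/sonic/log/vs01/test_out.log"
    # Write the matched line as plain text instead of a JSON event
    # (no timestamp, host or path fields in the output file).
    codec => line { format => "%{message}" }
  }
}
```

With the example log from the question, this writes the lines `F19021 out` and `: 20: + F19021 out` and nothing else.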