Logstash 1.5.0 alternative for filter grep


#1

Hello,
we used Logstash 1.4.2 and will update to 1.5.0. In Logstash 1.4.2 we used grep as a filter. In Logstash 1.5.0 the grep filter is no longer available, I think. Is there an alternative for grep, or how can we change our configuration?

Here is our config file:

input {
    file {
        path => "/var/log/glassfish/server.log"
        type => "exceptions"
        discover_interval => 10
    }
    ...
}
filter {
    if [type] == "exceptions" {
        grok {
            break_on_match => false
            type => "exceptions"
            match => [
                "message", "(?m)[#|%{TIMESTAMP_ISO8601:timestamp}|%{LOGLEVEL}|%{DATA:server_version}|%{JAVACLASS:javaclass}|_ThreadID=%{INT:threadId};_ThreadName=%{USERNAME:threadName};|%{DATA:startException:}Exception:%{DATA:exceptionmessage}#]"
            ]
        }
        #########################
        # alternative for this part, everything else works
        grep {
            type => "exceptions"
            match => [ "tags", "_grokparsefailure" ]
            negate => true
        }
        #########################
    }
    ...
}
output {
    if [type] == "exceptions" {
        elasticsearch {
            type => "exceptions"
            cluster => "cluster1234"
            index => "exceptions"
        }
    }
    ...
}

Thanks,
Stefan


(Yu-Phing) #2

Maybe something like:

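filter {
...
        # grep with negate => true dropped every event that matched;
        # a conditional around the drop filter does the same thing.
        if [type] == "exceptions" and "_grokparsefailure" in [tags] {
           drop { }
        }
...
}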

#3

Hi yuphing,

thanks for your reply, this works.

