Logstash drop filter plugin

bex · December 6, 2022, 6:10am

As we know, we can drop like that:
if [log][file][path] == "/var/log/messages" {
drop {}
}
But I have case when I am getting logs in format "/var/log/messages-20221212" or "/var/log/messages-date"

But logstash drop filter plugin is not understanding:
if [log][file][path] == "/var/log/messages-*" {
drop {}
}
Can anyone help me?
Thanks

Rios · December 6, 2022, 7:19am

Try with:

if ( [log][file][path] =~ /^\/var\/log\/messages-\d+/)  {
  drop {}
}

You can also use without \d+ at the end in case you don't want a number validation, at the end.

system · January 3, 2023, 7:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop messages that end with specific substring Logstash	3	643	August 26, 2021
Creating drop filters based on a string search in a message field Logstash	13	38915	November 4, 2022
Drop filter in Logstash filter not working for the below event Logstash	2	176	October 13, 2023
[SOLVED] Drop filter issue Logstash	5	836	July 6, 2017
Drop complete row or message Logstash	2	118	January 12, 2024

Logstash drop filter plugin

Related Topics