Logstash drop filter plugin

bex · December 6, 2022, 6:10am

As we know, we can drop like that:
if [log][file][path] == "/var/log/messages" {
drop {}
}
But I have case when I am getting logs in format "/var/log/messages-20221212" or "/var/log/messages-date"

But logstash drop filter plugin is not understanding:
if [log][file][path] == "/var/log/messages-*" {
drop {}
}
Can anyone help me?
Thanks

Rios · December 6, 2022, 7:19am

Try with:

if ( [log][file][path] =~ /^\/var\/log\/messages-\d+/)  {
  drop {}
}

You can also use without \d+ at the end in case you don't want a number validation, at the end.

Topic		Replies	Views
Creating drop filters based on a string search in a message field Logstash	13	39450	November 4, 2022
Dropping logs in logstash Logstash	5	2861	April 28, 2017
Logstash drop filter is not dropping events Logstash	2	1168	November 4, 2022
Drop the complete message containing specific strings Logstash	9	7735	October 3, 2019
Drop log messages that don't contain absolute path to application data Logstash	6	584	December 14, 2016

Logstash drop filter plugin

Related topics