Logstash drop filter plugin

bex · December 6, 2022, 6:10am

As we know, we can drop like that:
if [log][file][path] == "/var/log/messages" {
drop {}
}
But I have case when I am getting logs in format "/var/log/messages-20221212" or "/var/log/messages-date"

But logstash drop filter plugin is not understanding:
if [log][file][path] == "/var/log/messages-*" {
drop {}
}
Can anyone help me?
Thanks

Rios · December 6, 2022, 7:19am

Try with:

if ( [log][file][path] =~ /^\/var\/log\/messages-\d+/)  {
  drop {}
}

You can also use without \d+ at the end in case you don't want a number validation, at the end.

system · January 3, 2023, 7:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop messages that end with specific substring Logstash	3	648	August 26, 2021
Logstash Grep and Drop Logstash	4	3556	July 6, 2017
Creating drop filters based on a string search in a message field Logstash	13	38944	November 4, 2022
Drop filter in Logstash filter not working for the below event Logstash	2	176	October 13, 2023
Dropping logs in logstash Logstash	5	2667	April 28, 2017

Logstash drop filter plugin

Related topics