As we know, we can drop like that:
if [log][file][path] == "/var/log/messages" {
drop {}
}
But I have case when I am getting logs in format "/var/log/messages-20221212" or "/var/log/messages-date"
But logstash drop filter plugin is not understanding:
if [log][file][path] == "/var/log/messages-*" {
drop {}
}
Can anyone help me?
Thanks
Try with:
if ( [log][file][path] =~ /^\/var\/log\/messages-\d+/) {
drop {}
}
You can also use without \d+ at the end in case you don't want a number validation, at the end.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.