Logstash eventlog filter

Hi,

I tried your configuration with the only difference that I used winlogbeat instead of nxlog (and different field names: level instead of Severity) and it works ok.

I am not sure what the issue is there.

As a different solution, you can try the drop filter. I am using this to remove very noisy events. As an example, in your case it will be something like this:

#####Match type and level.
filter {
  # Drop warning events
  if [type] == "eventlog" and [Severity] == "WARNING" {
    drop { }
  }
  # Drop informational events
  if [type] == "eventlog" and [Severity] == "INFO" {
    drop { }
  }
}

*(Before you use this, if you do, check and make sure that the field names and values correspond to yours.)