Logstash output condition to filter a string in syslog

sanjedi · June 14, 2020, 11:49am

Hi,

I am new to ELK and trying to send syslogs based on a customer code to different ES indexes using Logstash.
I am trying following with no luck.

input {
udp {
type => syslogs
port => 5001
}
}
output {

  if [message] in "ABC"{
      elasticsearch {
            hosts => ["http://elasticsearch:9200"]
            index => "abc_index_%{+YYYY.MM.dd}"
    }

}
}

Please kindly advice on the correct way of coding this in Logstash config pipe.

Cheers

sanjedi · June 14, 2020, 12:50pm

Actually I used "=~" instated of "in" and it worked.
Thanks

system · July 12, 2020, 12:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.