Logstash output condition to filter a string in syslog

sanjedi · June 14, 2020, 11:49am

Hi,

I am new to ELK and trying to send syslogs based on a customer code to different ES indexes using Logstash.
I am trying following with no luck.

input {
udp {
type => syslogs
port => 5001
}
}
output {

  if [message] in "ABC"{
      elasticsearch {
            hosts => ["http://elasticsearch:9200"]
            index => "abc_index_%{+YYYY.MM.dd}"
    }

}
}

Please kindly advice on the correct way of coding this in Logstash config pipe.

Cheers

sanjedi · June 14, 2020, 12:50pm

Actually I used "=~" instated of "in" and it worked.
Thanks

system · July 12, 2020, 12:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Output NetFlow and Syslog to Elasticsearch Logstash	4	1414	July 6, 2017
Logstash parsing syslog to different indices depending on source hosts Logstash	6	5282	August 8, 2017
Syslog forwarding question -> Logstash (very basic) Logstash	8	15404	May 9, 2018
Logstash – Both elasticsearch and email outputs Logstash	17	3210	July 6, 2017
Logstash and syslog: logs from specific IP Logstash	7	3255	July 6, 2017

Logstash output condition to filter a string in syslog

Related topics