Logstash output condition to filter a string in syslog

sanjedi · June 14, 2020, 11:49am

Hi,

I am new to ELK and trying to send syslogs based on a customer code to different ES indexes using Logstash.
I am trying following with no luck.

input {
udp {
type => syslogs
port => 5001
}
}
output {

  if [message] in "ABC"{
      elasticsearch {
            hosts => ["http://elasticsearch:9200"]
            index => "abc_index_%{+YYYY.MM.dd}"
    }

}
}

Please kindly advice on the correct way of coding this in Logstash config pipe.

Cheers

sanjedi · June 14, 2020, 12:50pm

Actually I used "=~" instated of "in" and it worked.
Thanks

system · July 12, 2020, 12:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash parsing syslog to different indices depending on source hosts Logstash	6	5280	August 8, 2017
Syslog forwarding question -> Logstash (very basic) Logstash	8	15343	May 9, 2018
Logstash and syslog: logs from specific IP Logstash	7	3250	July 6, 2017
Rsyslog to logstash help Logstash	4	1365	December 17, 2017
Filter syslog messages via priority Logstash	4	554	March 12, 2020

Logstash output condition to filter a string in syslog

Related Topics