I want to parse various different messages being logged into cloudwatch. And I am planning to use logstash-input-cloudwatch-logs plugin.
Now there are a lot of non-json messages written into cloudwatch, I want to ignore all of them. I only want proper json messages to be parsed.
I know that I can use the json filter and drop messages that have a tag of "_jsonparsefailure"
But somehow this feels inefficient, as the attempt to json parse is done and then a decision to drop is made.
Is there a more efficient way to drop non-json messages?