Logstash Sleep Filter Plugin Not Working

mpride63 · March 15, 2022, 3:04pm

I am new to logstash and I’m trying to setup a logstash instance to see if we can use it as a syslog\trap front end to some of our network nodes. I have it working at a very basic level but can’t seem to get the sleep filter working. I’m currently testing with traps and I’m trying to suppress traps using the sleep function. However, it just writes all of the traps to the output file. I assume I’m missing something in the filter section but I’m not sure what it is.

input {
    snmptrap {
		community => "public"
		port => 162
		type => "snmp_trap"
	}
}

filter {
		sleep {
		time => "60"   # Sleep 60 seconds
		every => 3   # on every 3rd event
	}
}

output {
	if [type] == "snmp_trap" {
		file {
		codec => "rubydebug"
		flush_interval => 1
		path => "C:\LogstashOutput\SNMPTraps\logstash-snmptrap.log"
	}
}
}

Badger · March 15, 2022, 5:36pm

What do you mean by suppress? A sleep filter will not stop them being written to the file, it will just delay them.

If you want to limit the number of traps sent to the output then use a throttle filter to tag events and a drop filter to delete the tagged events.

Events are processed through the pipeline in batches. The default batch size is 125, which should result in it taking 42 minutes for a batch to get through that filter, at which point the entire batch is sent to the output.

system · April 12, 2022, 5:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
SNMPTraps in LogStash Logstash	2	482	September 13, 2017
Logstash Output Empty \|\| Firewall Logstash	1	138	May 23, 2024
Pipe output plugin not passing event Logstash	7	2406	July 6, 2017
[SOLVED] SNMP trap input plugin Logstash	4	9229	July 6, 2017
How to pause the logstash output temporarily Logstash	4	146	February 9, 2024

Logstash Sleep Filter Plugin Not Working

Related topics