My logstash server generates the following messages every time it is restarted:
{"syslog_severity_code":5,"syslog_severity":"notice","syslog_facility_code":1,"message":"\u0000\u0016\u0000\u0014\u0000\u0017\u0000\u0018\u0000\u0019\u0000\u001D\u0000\u001E\u0001\u0000\u0001\u0001\u0001\u0002\u0001\u0003\u0001\u0004\u0000\u000B\u0000\u0002\u0001\u0000\u0000\r\u0000\"\u0000 \u0004\u0001\b\t\b\u0004\u0004\u0003\b\u0007\u0005\u0001\b","class":"kraken_logstash","@timestamp":"2023-07-27T12:27:02.475837425Z","hostname":"CLAB-LOG02-SVL","host":"10.200.0.52","syslog_facility":"user-level","index":"kraken-syslog","tags":["_grokparsefailure"]}
{"syslog_severity_code":5,"syslog_severity":"notice","syslog_facility_code":1,"message":"\u0000\u0016\u0000\u0014\u0000\u0017\u0000\u0018\u0000\u0019\u0000\u001D\u0000\u001E\u0001\u0000\u0001\u0001\u0001\u0002\u0001\u0003\u0001\u0004\u0000\u000B\u0000\u0002\u0001\u0000\u0000\r\u0000\"\u0000 \u0004\u0001\b\t\b\u0004\u0004\u0003\b\u0007\u0005\u0001\b","class":"kraken_logstash","@timestamp":"2023-07-27T12:27:02.469455858Z","hostname":"CLAB-LOG02-SVL","host":"10.200.0.52","syslog_facility":"user-level","index":"kraken-syslog","tags":["_grokparsefailure"]}
I want to drop these messages, so I created the following filter:
filter {
if "\u000" in [message] { drop {} }
}
Well, the filter does not work. I tried various partial strings of the messages listed above in the if statement (\u0000, u00, \u0016, u0018, etc.), but nothing works.
Any idea how to modify the drop filter so that it drops the above messages?
BTW, please disregard the grokparsefailure tag in the above messages. If I can drop them, there will be no grokparsefailure.
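Added example, not part of the post above and not Logstash's own code: a small Ruby script that reproduces why the `"\u000" in [message]` conditional cannot match and shows a check that does. Logstash config strings do not interpret `\uXXXX` escapes (with `config.support_escapes` enabled only `\n`, `\r`, `\t`, `\\`, `\"` and `\'` are processed), so the substring being searched for is the literal five characters backslash-u-0-0-0, which the message does not contain. The decoded message field, by contrast, holds real NUL and other C0 control bytes, which a regex character class matches. The first sample event is the question's own JSON line; the second plain syslog event is constructed for contrast. As an aside for whoever owns that input, the bytes decode as a fragment of a TLS ClientHello (a supported_groups list, then the ec_point_formats and signature_algorithms extensions, cut where a 0x0a byte ended the syslog line), so something is speaking TLS to a plaintext syslog port; tagging these events instead of dropping them lets you find that client.

```ruby
require 'json'

# Sample event: the first JSON line from the question, verbatim. The single-quoted
# heredoc keeps the \uXXXX escapes literal, so JSON.parse turns them into the same
# control bytes the event's message field carries inside logstash.
SAMPLE_EVENT = <<~'JSON'
  {"syslog_severity_code":5,"syslog_severity":"notice","syslog_facility_code":1,"message":"\u0000\u0016\u0000\u0014\u0000\u0017\u0000\u0018\u0000\u0019\u0000\u001D\u0000\u001E\u0001\u0000\u0001\u0001\u0001\u0002\u0001\u0003\u0001\u0004\u0000\u000B\u0000\u0002\u0001\u0000\u0000\r\u0000\"\u0000 \u0004\u0001\b\t\b\u0004\u0004\u0003\b\u0007\u0005\u0001\b","class":"kraken_logstash","@timestamp":"2023-07-27T12:27:02.475837425Z","hostname":"CLAB-LOG02-SVL","host":"10.200.0.52","syslog_facility":"user-level","index":"kraken-syslog","tags":["_grokparsefailure"]}
JSON

# Constructed ordinary syslog event, for contrast (hostname reused from the question).
SAMPLE_TEXT_EVENT = '{"message":"Jul 27 12:27:02 CLAB-LOG02-SVL sshd[1234]: Accepted publickey for ops","tags":[]}'

# C0 control characters other than TAB (0x09), LF (0x0A) and CR (0x0D). A real
# syslog line may legitimately carry those three, but never NUL and friends.
BINARY_CONTROL = /[\x00-\x08\x0B\x0C\x0E-\x1F]/

def binary_payload?(message)
  message.match?(BINARY_CONTROL)
end

def control_char_count(message)
  message.scan(BINARY_CONTROL).size
end

# What the question's `if "\u000" in [message]` really tests: a plain substring
# search. Pass the needle exactly as logstash sees it (single quotes here keep
# the backslash literal, just as the config parser does).
def logstash_in_match?(message, needle)
  message.include?(needle)
end

# Decision for one JSON event line: :drop for binary junk, :keep otherwise.
def classify(event_line)
  event = JSON.parse(event_line)
  binary_payload?(event.fetch('message', '')) ? :drop : :keep
end

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_EVENT, SAMPLE_TEXT_EVENT].each do |line|
    msg = JSON.parse(line)['message']
    puts "#{classify(line)}: #{control_char_count(msg)} control chars, " \
         "literal '\\u000' substring present: #{logstash_in_match?(msg, '\u000')}, " \
         "NUL byte present: #{logstash_in_match?(msg, "\u0000")}"
  end
end
```

The Logstash conditional equivalent of `binary_payload?` is `if [message] =~ /[\x00-\x08\x0B\x0C\x0E-\x1F]/ { drop {} }`, since `=~` takes a Ruby-style regex in which `\x00` is a real NUL byte. If you would rather keep a count of this traffic, replace `drop {}` with a `mutate { add_tag => ["binary_payload"] }` and review the tagged events by source host.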