Noob question: Can I use logstash to collect & send specific log lines (not the whole logs)?

DaveR · December 11, 2018, 12:25am

Greetings,

I'd like to collect a set of log lines from remote systems. Does Logstash have this capability, and can the log line specification be configured on the fly?

A bit more detail:
my product emits massive logs. And, I'd like to know a few discrete things from them. Shipping the entire log is possible but poses other challenges.

To overcome this situation, I'd like to use an agent which can locally monitor logs and based on a specification, forward only specific lines.

And... good lord it would be cool if I could configure specifications centrally (and then the local agents would phone home and pick new configurations).

Thanks in advance!

guyboertje · December 11, 2018, 12:54pm

I think filebeat has this capability.

Logstash does have a drop filter that you can use in a conditional block to "weed" out the lines you don't want.

system · January 8, 2019, 12:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.