Parsing logs for specific domain

I want to parse HAPROXY logs for specific domain(below: abc refers to using logstash.This is the filter that i am trying to use inside logstash input:

input {
filter {
if [message] =~ "abc" {
grok {
match => ["message", .......

On the above config, i am specifying to filter logs with abc, however, this doesn't seems to be effective, when i see on ES index, I get to see logs parsed for all different domains along with, which I don't want.

I want logs only for specific domains(say to be indexed into ES) and ignore everything apart from

Any help would be appreciated here.

The syntax is

if [message] =~ /abc/ {

but I'd prefer to unconditionally parse the event with grok and throw it away unless the extracted domain field matches the interesting domain name. Otherwise you'll parse messages that happen to contain that domain name in other parts (although that could be very unlikely).

1 Like