Good Morning.
I am a novice in ELK stack. I have problems in my logstash . I get many logs, but I need to keep a log with a specific message to appear on Kibana . How can I keep a log appear in Kibana for your message ?
For example , I need to remove the log that contains the following words : pppoe , ppp .
How do I do that?
Do you want to
PPP logs are not useful to me in logstash . I am using the elk stack to manage logs of my MikroTik routers, and I'm having a lot of trouble . From the mikrotik get multiple logs , already are all going to Kibana , but now I just need to keep the logs of type PPP , PPPoE are stored in the database . Except that all the logs comes as a message, such as:
message: pppoe,ppp,info : connected @version:1 @timestamp:August 25th 2016, 11:01:14.990 type:syslog host:177.124.72.4 _id:AVbCATgFx-cjIMIocgLZ _type:syslog _index:logstash-2016.08.25 _score:
This is the log I get the data with PPP , PPPoE ..
Now the example of another log (the log want to keep it ) 
message:system,error,critical login failure for user ftp from 208.100.26.232 via ftp @version:1 @timestamp:August 25th 2016, 09:31:05.326 type:syslog host:177.124.72.12 _id:AVbBrrASx-cjIMIocfYi _type:syslog _index:logstash-2016.08.25 _score:
In short , I want to prevent the PPP , PPPoE logs, and other logs do not .
Sorry for the bad language , can not speak and read English.
The drop filter can help:
if "ppp" in [message] {
drop { }
}
Worked, thank you !
I would like to store events in Elasticsearch and aggregate on them but they are not imprtant for debugging because it actually shows too many unnecessary logs.
This slows down the process because it spams you and it is harder to look for the exact log you look for.
How would I just kinda pushed these log lines in the backwards?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.