Prevent some logs from going to the elastic search

aakashanuj · May 15, 2013, 8:08am

I am using Logstash to send logs to the Elastic search. Now I want only the
logs with a particular regex to go to the elastic search and I want the
others to be dropped.

How do I achieve it?

My configuration file is:

input {
file
{
path => "/home/aakash/Desktop/aa.txt"
type => "filetype"
debug=> "true"
}
}
filter {

grok {
type => "filetype"
patterns_dir=>["./patterns"]
pattern => "%{PARSE_ERROR}|%{OTHERS}"
add_tag=>"%{type1},%{type2},%{slave},ERR_SYSTEM,%{fiber1},%{fiber2}"
}

mutate
{
type=>"filetype"
replace => ["@message", "%{message}" ]
replace =>["@timestamp","%{year}-%{monthnum}-%{monthday}T%{hour}:
%{minute}:%{second}.%{_second}Z"]
}

}
output {
stdout { debug => true debug_format => "json"}
elasticsearch
{
}
}

I want the %{OTHERS } to be dropped. How do I modify this code?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Ivan · May 15, 2013, 3:56pm

This sounds like a question for the Logstash community, not the
Elasticsearch mailing list.

--
Ivan

On Wed, May 15, 2013 at 1:08 AM, Aakash Anuj aakashanuj.iitkgp@gmail.comwrote:

I am using Logstash to send logs to the Elastic search. Now I want only
the logs with a particular regex to go to the Elasticsearch and I want the
others to be dropped.

How do I achieve it?

My configuration file is:

input {
file
{
path => "/home/aakash/Desktop/aa.txt"
type => "filetype"
debug=> "true"
}
}
filter {

grok {
type => "filetype"
patterns_dir=>["./patterns"]
pattern => "%{PARSE_ERROR}|%{OTHERS}"
add_tag=>"%{type1},%{type2},%{slave},ERR_SYSTEM,%{fiber1},%{
fiber2}"
}

mutate
{
type=>"filetype"
replace => ["@message", "%{message}" ]
replace =>["@timestamp","%{year}-%{monthnum}-%{monthday}T%{hour}:
%{minute}:%{second}.%{_second}**Z"]
}

}
output {
stdout { debug => true debug_format => "json"}
elasticsearch
{
}
}

I want the %{OTHERS } to be dropped. How do I modify this code?

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Topic		Replies	Views
Logstash - Handling different kinds of logs Elasticsearch	2	336	July 6, 2017
Filter or remove some logs in logstash Logstash	5	2018	November 20, 2018
Drop message,but still write into elasticsearch Logstash	4	946	September 8, 2017
Logstash elasticsearch output plugin filtering Logstash	8	800	May 7, 2018
I don't want all data output to the elasticsearch Logstash	3	565	September 20, 2017

Prevent some logs from going to the elastic search

Related Topics