"message": """Dec 27 18:57:40 elk01 logstash: "loglevel" => "ERROR",""",
How to filter this record?
"query": "message:(\"error\") AND NOT message:(\"\\"loglevel\\" \\=\\> \\"ERROR\\"\")",
use this not work.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.