HI there,
I'm really new ELK stack. I would like to know if it was possible to base a filter on a list, contained in a file ?
Basically, instead of :
if "string1" in [log] or "string2" in [log] or "string3" in [log] or ... {}
Is it possible to do something like :
if [log] in "./list_of_strings.txt" {}
My problem concerns a list of around 3000 strings. Is there some kind of plugin for this or my problem should not be addressed with Logstash ?
Have a nice day.
You could do this using a translate filter. Your list_of_strings.txt would have to be a list_of_strings.csv where the second column in the csv was a fixed value. You would then test whether the [translation] field contained that fixed value after the translate filter executed.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.