Hi,
I have set up a logstash input for syslog:
syslog {
port => 6514
codec => cef
tags => [ "syslog" ]
}
I have different kind of syslogs running through that input.
I have messages that arrives in cef format, and other that arrive in simple syslog format.
The problem is when I get regular syslog messages ofcourse the cef codec fails. and thats ok.
but it spams the logstash-plain and it becomes impossible to debug other problems with that much spam going on.
Is it possible to suppress errors from that specific input?