Supress errors from logstash input plugin

nitzan.karni · October 27, 2020, 9:36am

Hi,
I have set up a logstash input for syslog:

syslog {
    port => 6514
    codec => cef
    tags => [ "syslog" ]
}

I have different kind of syslogs running through that input.
I have messages that arrives in cef format, and other that arrive in simple syslog format.
The problem is when I get regular syslog messages ofcourse the cef codec fails. and thats ok.
but it spams the logstash-plain and it becomes impossible to debug other problems with that much spam going on.
Is it possible to suppress errors from that specific input?

Badger · October 27, 2020, 2:15pm

I do not think you can suppress the error, but if you can determine which messages are in cef format you can route them to a different pipeline and use the codec on that.

system · November 24, 2020, 2:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CEF message parsing Logstash	1	336	December 9, 2022
CEF codec plugin Logstash	2	551	October 29, 2020
Accepting messages in CEF format Logstash	2	402	April 8, 2018
Logstash error - Failed to decode CEF payload. Generating failure event with payload in message field Logstash	4	2472	March 24, 2021
Syslog cef + logstash + security device logs parsing issues Logstash docker	1	1292	March 12, 2021

Supress errors from logstash input plugin

Related Topics