Supress errors from logstash input plugin

nitzan.karni · October 27, 2020, 9:36am

Hi,
I have set up a logstash input for syslog:

syslog {
    port => 6514
    codec => cef
    tags => [ "syslog" ]
}

I have different kind of syslogs running through that input.
I have messages that arrives in cef format, and other that arrive in simple syslog format.
The problem is when I get regular syslog messages ofcourse the cef codec fails. and thats ok.
but it spams the logstash-plain and it becomes impossible to debug other problems with that much spam going on.
Is it possible to suppress errors from that specific input?

Badger · October 27, 2020, 2:15pm

I do not think you can suppress the error, but if you can determine which messages are in cef format you can route them to a different pipeline and use the codec on that.

system · November 24, 2020, 2:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash-filter-cef instead of codec Logstash	1	331	June 19, 2019
Logstash/syslog/CEF 1024 character limit Logstash	4	1332	December 13, 2018
CEF message parsing Logstash	1	350	December 9, 2022
CEF codec plugin Logstash	2	555	October 29, 2020
Accepting messages in CEF format Logstash	2	403	April 8, 2018

Supress errors from logstash input plugin

Related topics