Supress errors from logstash input plugin

nitzan.karni · October 27, 2020, 9:36am

Hi,
I have set up a logstash input for syslog:

syslog {
    port => 6514
    codec => cef
    tags => [ "syslog" ]
}

I have different kind of syslogs running through that input.
I have messages that arrives in cef format, and other that arrive in simple syslog format.
The problem is when I get regular syslog messages ofcourse the cef codec fails. and thats ok.
but it spams the logstash-plain and it becomes impossible to debug other problems with that much spam going on.
Is it possible to suppress errors from that specific input?

Badger · October 27, 2020, 2:15pm

I do not think you can suppress the error, but if you can determine which messages are in cef format you can route them to a different pipeline and use the codec on that.

system · November 24, 2020, 2:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.