Discuss the Elastic Stack

Use grok to skip seperators lines

Elastic Stack Logstash

Talal_Elammas (Toto1234) September 14, 2018, 7:08pm 1

Hello,
I have a log file structured as 2 line separators then the log data ,
I created my parser for the log data , but I don't know how to eliminate those two lines from being proceed through the filter,

please for your help for new starter with elastic , drop didn't work for me ,

.-------------------------------------------.
.-------------------------------------------.
Timestamp: 12/05/2017 XXXXXX
.-------------------------------------------.

Timestamp: 12/05/2017 XXXXXX
.-------------------------------------------.
.-------------------------------------------.

Christian_Dahlqvist (Christian Dahlqvist) September 16, 2018, 5:27am 2

Have you looked into using a mutate filter with a gsub action to simply remove the unwanted characters?

system (system) Closed October 14, 2018, 5:28am 3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Parse string data with ; separator in logstash Logstash	6	6006	June 27, 2017
Logstash: Exclude separator lines in logs Logstash	2	460	May 1, 2019
Grok Filter Logstash Multiple Lines Logstash	3	1332	August 21, 2017
Removing annoying characters before a Json formated string Logstash	4	1229	December 19, 2018
Grok - Skipping Line Logstash	9	8092	July 6, 2017

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.