Wanted to drop specific syslog message and syslog Client

ashisharyan · May 24, 2022, 11:56am

Hi,

I wanted to drop some specific syslog message and syslog client which should not be send to ELK. Below is the Logstash config file. we have tried but it is not working.
So request if anyone can help me to get this work.

input {
    beats {
        port => "5044"
    }
}
filter {
    grok {
        match => { "message" => "%{SYSLOGLINE}"}
      }
    if ([message] !~ "Test Message") {
    drop { }
    }
}
output {
    elasticsearch {
        hosts => [ "192.168.0.105:9200" ]
    }
}

Thanks

system · June 21, 2022, 11:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash and syslog: logs from specific IP Logstash	7	3255	July 6, 2017
Config Logstash for Syslog Logstash	5	1328	April 4, 2017
Centralized Syslog management for Cisco Switches Logstash	6	8270	February 21, 2020
Grok translation help Logstash	1	261	January 7, 2019
Syslog configuration output Logstash	2	583	July 6, 2017

Wanted to drop specific syslog message and syslog Client

Related topics