Wanted to drop specific syslog message and syslog Client

ashisharyan · May 24, 2022, 11:56am

Hi,

I wanted to drop some specific syslog message and syslog client which should not be send to ELK. Below is the Logstash config file. we have tried but it is not working.
So request if anyone can help me to get this work.

input {
    beats {
        port => "5044"
    }
}
filter {
    grok {
        match => { "message" => "%{SYSLOGLINE}"}
      }
    if ([message] !~ "Test Message") {
    drop { }
    }
}
output {
    elasticsearch {
        hosts => [ "192.168.0.105:9200" ]
    }
}

Thanks

system · June 21, 2022, 11:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash and syslog: logs from specific IP Logstash	7	3251	July 6, 2017
Configuring logstash-input-syslog Logstash	5	9410	June 1, 2018
Centralized Syslog management for Cisco Switches Logstash	6	8239	February 21, 2020
How to define what data is sent to Elastic from Logstash? Logstash	9	472	September 9, 2021
Problem with my logstash file '.conf' for analyse syslog from my switchs Logstash	5	335	April 26, 2023

Wanted to drop specific syslog message and syslog Client

Related Topics