Wanted to drop specific syslog message and syslog Client

ashisharyan · May 24, 2022, 11:56am

Hi,

I wanted to drop some specific syslog message and syslog client which should not be send to ELK. Below is the Logstash config file. we have tried but it is not working.
So request if anyone can help me to get this work.

input {
    beats {
        port => "5044"
    }
}
filter {
    grok {
        match => { "message" => "%{SYSLOGLINE}"}
      }
    if ([message] !~ "Test Message") {
    drop { }
    }
}
output {
    elasticsearch {
        hosts => [ "192.168.0.105:9200" ]
    }
}

Thanks

system · June 21, 2022, 11:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.