Missing grep filter in logstash

Question

I'm trying to use the grep function, but it not works,

this is the error :

Couldn't find any filter plugin named 'grep'. Are you sure this is correct?    
Trying to load the grep filter plugin resulted in this error: no such file to 
load -- logstash/filters/grep

and this is my file logstash.conf

input {
stdin { }
file {
type => "FireWall"
path => "/var/log/test.txt"
start_position => 'beginning'
}
}
filter {


grep {

    match =>["message",".* Morito .*"]
 }
grok {

patterns_dir => "./patterns"
   match => [
    "message", "%{WORD:firstname} %{WORD:lastname} %{NUMBER:age}    
]
}
}
output {
stdout { }
elastic search {
cluster => "logstash"
}
}

What should i do please ?

score 4 · Accepted Answer · answered Apr 13 '15 at 16:29

4

grep{} was dropped in favor of conditionals and drop{}:

if [message] =~ /regexp/ {
     drop{}
}

answered Apr 13 '15 at 16:29

Alain Collins

16,268
2
32
55

"The 'grep' plugin is no longer necessary now that you can do if/elsif/else in logstash configs. This plugin will be removed in the future. If you need to drop events, please use the drop filter. If you need to take action based on a match, use an 'if' block and the mutate filter. See the following URL for details on how to use if/elsif/else in your logstash configs:http://logstash.net/docs/#{LOGSTASH_VERSION}/configuration" – Morito Apr 14 '15 at 07:54

Missing grep filter in logstash

1 Answers1