Logstash unable to start when I add grep filter

Question

I have a logstash instance deployed on my local and I am trying to get head wrapped around it. I added a simple grep filter to the logstash.conf file, but when I restart the service, it fails. And when I remove the grep statement it works fine. Here is my config. Any help would be appreciated. Thanks.

input {
        kafka {
        zk_connect => "localhost:9091"
        topic_id => "rawlog"
        reset_beginning => false
        consumer_threads => 1
        consumer_restart_on_error => true
        consumer_restart_sleep_ms => 100
        decorate_events => false
    }

}
output {
  elasticsearch {
    bind_host => "localhost"
    protocol => "http"
  }
}
filter {
  grep {
    match => {"message"=>"hello-world"}
  }
}

Alain Collins · Accepted Answer · 2015-04-30T15:21:08.333

2

grep{} is deprecated in favor of conditionals and drop{}:

filter {
  if [message] !~ /hello-world/ {
    drop{}
  }
}

If that doesn't help, post a sample of your input.

edited Apr 30 '15 at 15:21

answered Apr 29 '15 at 17:53

Alain Collins

16,268
2
32
55

Thanks @Alain. This worked. One correction I had to make was, instead of if message, I used if [message]. Appreciate your help. – Shriram Sharma Apr 29 '15 at 18:20

Logstash unable to start when I add grep filter

1 Answers1