I want to drop log events, meaning they shouldn't be exported to Elasticsearch. For example, if any log message contains the "monitoring" keyword, I want to drop that event. Can anyone suggest how to do that?

filter {
  if [loglevel] == "debug" {
    drop { }
  }
}

The above example will drop the event when loglevel is debug, but how do I drop the event when the log message contains the "monitoring" keyword?

Ashok Reddy
  • Possible duplicate of [Drop log line containing hash character](https://stackoverflow.com/questions/20215575/drop-log-line-containing-hash-character) – baudsp Aug 24 '18 at 08:29
  • There's already an answer to that question. There's the relevant part in the docs: https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#conditionals – baudsp Aug 24 '18 at 08:31

1 Answer

The solution is:

filter {
  if "monitoring" in [message] {
    drop { }
  }
}
Ashok Reddy
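
A way to check what the condition in the answer matches before any events are discarded, as an added example that is not part of the original answer: the sample lines, the tag names and the file name `drop-test.conf` are constructed, and `mutate` tags events where `drop { }` would go. On a string field, `in` is a case-sensitive substring test, so the second branch shows a case-insensitive regex variant.

```logstash
# drop-test.conf (hypothetical file name); run with: bin/logstash -f drop-test.conf
input {
  generator {
    # Constructed sample lines: lowercase keyword, capitalised keyword, unrelated event.
    lines => [
      "health monitoring probe ok",
      "Monitoring agent heartbeat",
      "user login failed for admin"
    ]
    count => 1
  }
}

filter {
  if "monitoring" in [message] {
    # The answer's condition: case-sensitive substring match on [message].
    # Tag instead of dropping so the match can be inspected first.
    mutate { add_tag => ["would_drop"] }
  } else if [message] =~ /(?i)monitoring/ {
    # Case-insensitive regex variant; only reached when the exact-case test did not match.
    mutate { add_tag => ["would_drop_case_insensitive"] }
  }
}

output {
  # Print every event with its tags so the effect of each condition is visible.
  stdout { codec => rubydebug }
}
```

Once the tags land on the events you expect, replace each `mutate` block with `drop { }`; dropped events never reach any output, so they cannot be recovered from Elasticsearch afterwards.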