refaelos
Reputation: 8075
logstash drop filter only if included in list
Is it possible to filter log events that are from a specific group?
For example, I want to only drop events that are not in the list: ["a","b"]
filter {
if !["a","b"].include? [event_name] {
drop {}
}
}
Something like that...
Upvotes: 0
Views: 648
Answers (1)
rutter
Reputation: 11452
Logstash conditionals support the following operators:
equality:
==,!=,<,>,<=,>=regexp:
=~,!~inclusion:
in,not in
Along with some logical operators:
and,or,nand,xorunary
!
It sounds like you want not in:
if [event_name] not in ["a", "b"] {
drop {}
}
Upvotes: 1
Related Questions
- Logstash config, “if message contains…”
- logstash filter drop if headers is a specific value
- How to apply sub-filter in logstash
- Logstash filter does not works on any logline
- How to drop by filter input logs in logstash
- Multiple If in single filter
- logstash array of key value pairs
- Chain filters in logstash
- Getting Started With Logstash Filters
- Logstash drop filter for event