Ishan
Reputation: 9
Logstash config, “if message contains…”
So, let's assume that I have a portion of a log line that looks something like this:
Dec 11 13:59:17 172.00.1.00 NPF_OLT_LAB05: clear service affecting Alarm for ONT "100002" at 2019/12/11 13:59:17.28: "ONT Dying Gasp"
And I have to create a filter that does something like this
filter {
if ([message]) =~ "NPF_OLT_LAB05"{
grok{
match => { "message" => "%{SYSLOGBASE} %{WORD:Alarm_Severity} %{DATA:Message} %{QS:ONT_ID} %{DATA:Time} %{QS:ONT_Message}" }
}
}
}
Is this possible?
Upvotes: 0
Views: 5552
Answers (2)
Angel H
Reputation: 311
check with below configuration,
filter {
if "NPF_OLT_LAB05" in [message] {
grok{
match => { "message" => "%{SYSLOGBASE} %{WORD:Alarm_Severity} %{DATA:Message} %{QS:ONT_ID} %{DATA:Time} %{QS:ONT_Message}" }
}
}
}
Upvotes: 1
JBone
Reputation: 1794
I think you just have to correct a little bit. Try this
filter {
if ([message]) =~ /NPF_OLT_LAB05/{
Upvotes: 0
Related Questions
- Using a conditional in logstash
- Filter message based on String
- How to cumul filters with logstash?
- Logstash filter does not works on any logline
- How to include the filter in Logstash config file?
- Logstash config, "if string contains..."
- Filtering messages out of logstash.conf
- Filter specific Message with logstash before sending to ElasticSearch
- Logstash - grok configuration filter
- logstash grok filter ignore certain parts of message