Output Log Line Containing a Hash Symbol

Question

Output Log Line Containing a Hash Symbol

In my Logstash shipper, I want to filter out lines commented out by a hash symbol:

#This log row should be dropped. But one this should not.

I managed to use the grep filter, but since it is discouraged (out of service), I am trying to get the grok filter to do this instead. This filter does not work:

 grok { match => ["message", "^#.*"] drop_if_match => true }

I also tried to place the regex in the user template file, but didn't help. Any ideas?

+8

regex logging logstash logstash-grok

Jonas byström Nov 26 '13 at 11:15

source share

2 answers

Correct answer: error in drop_if_match=>true (Logstash v1.2.2). Use this workaround:

 grok { ... add_tag => ["some_comment"] } if "some_comment" in [tags] { drop {} }

+2

Jonas byström Nov 26 '13 at 12:59

source share

rutter · Accepted Answer · 2013-11-26T19:22:52+0000

Even simpler if you're interested:

 filter { if ([message] =~ /^#/) { drop{} } }

The last few versions of Logstash have paid more attention to branching logic directly in configuration files . A little getting used to, but very convenient as soon as you do it.

Output Log Line Containing a Hash Symbol

More articles: