Logstash排除字段及字段内容

Joe.Ye 2023-03-25 ELK

排除字段

filter {
    grok {
        remove_field => ["agent", "cloud", "ecs", "host", "input"]
    }
}

排除字段内容

output {
    if "_grokparsefailure" in [tags] {
        file { path => "/usr/local/logstash/logs/grok_failures.txt" }
    } else {
        if (([classpath] == "com.netflix.eureka.registry.AbstractInstanceRegistry" and [methodname] == "run") or
            ([classpath] == "com.netflix.discovery.shared.resolver.aws.ConfigClusterResolver" and [methodname] == "getClusterEndpoints")) {
            #stdout {
               #codec => rubydebug
            #}
        } else {
            elasticsearch {
                hosts => ["172.10.1.10:9200"]
                #index => "%{type}"
                index => "appblog-%{+YYYY.MM.dd}"
            }
        }
    }
}

版权声明:
作者:Joe.Ye
链接:https://www.appblog.cn/index.php/2023/03/25/logstash-excludes-fields-and-their-contents/
来源:APP全栈技术分享
文章版权归作者所有,未经允许请勿转载。

THE END
分享
二维码
打赏
海报
Logstash排除字段及字段内容
排除字段 filter { grok { remove_field => ["agent", "cloud", "ecs", "host", "input"]……
<<上一篇
下一篇>>
文章目录
关闭
目 录