1. 首頁
  2. 問答
  3. 如果標題爲特定值,則logstash過濾器放下

如果標題爲特定值,則logstash過濾器放下

2017-09-21 14 views
0

我正在使用logstash http輸入插件。如果user_agent是特定值,我想過濾掉。如果標題爲特定值,則logstash過濾器放下

{ 
    "_index": "some-logs-prod-2017.09.21", 
    "_type": "logs", 
    "_id": "AV6kDXSxKY2mOqXynuEV", 
    "_score": null, 
    "_source": { 
    "message": "", 
    "@version": "1", 
    "@timestamp": "2017-09-21T10:48:12.541Z", 
    "host": "172.31.43.24", 
    "headers": { 
     "request_method": "GET", 
     "request_path": "/", 
     "request_uri": "/", 
     "http_version": "HTTP/1.1", 
     "http_host": "172.31.33.62:33067", 
     "http_connection": "close", 
     "http_user_agent": "ELB-HealthChecker/2.0", 
     "http_accept_encoding": "gzip, compressed" 
    } 
    }, 
    "fields": { 
    "@timestamp": [ 
     1505990892541 
    ] 
    }, 
    "highlight": { 
    "headers.http_user_agent": [ 
     "@[email protected]@/[email protected]@[email protected]@/[email protected]/2.0" 
    ] 
    }, 
    "sort": [ 
    1505990892541 
    ] 
}

在這種情況下,我想在http_user_agent == ELB-HealthChecker我如何去這樣做砸的消息?

來源

2017-09-21 puneeth

+0

到目前爲止,你有什麼嘗試,你到底在哪裏遇到麻煩? –

+0

https://stackoverflow.com/questions/24409119/logstash-drop-filter-for-event – baudsp

+0

@baudsp似乎不適用於: 過濾器{'headers.http_user_agent'] =〜/ ELB -HealthChecker/{ drop {} } } – puneeth

回答

0

感謝@baudsp [headers][http_user_agent]作品!

來源

2017-09-25 09:57:38 puneeth

相關問題

 相關問題