0
我正在使用logstash http輸入插件。如果user_agent是特定值,我想過濾掉。如果標題爲特定值,則logstash過濾器放下
{
"_index": "some-logs-prod-2017.09.21",
"_type": "logs",
"_id": "AV6kDXSxKY2mOqXynuEV",
"_score": null,
"_source": {
"message": "",
"@version": "1",
"@timestamp": "2017-09-21T10:48:12.541Z",
"host": "172.31.43.24",
"headers": {
"request_method": "GET",
"request_path": "/",
"request_uri": "/",
"http_version": "HTTP/1.1",
"http_host": "172.31.33.62:33067",
"http_connection": "close",
"http_user_agent": "ELB-HealthChecker/2.0",
"http_accept_encoding": "gzip, compressed"
}
},
"fields": {
"@timestamp": [
1505990892541
]
},
"highlight": {
"headers.http_user_agent": [
"@[email protected]@/[email protected]@[email protected]@/[email protected]/2.0"
]
},
"sort": [
1505990892541
]
}
在這種情況下,我想在http_user_agent == ELB-HealthChecker
我如何去這樣做砸的消息?
到目前爲止,你有什麼嘗試,你到底在哪裏遇到麻煩? –
https://stackoverflow.com/questions/24409119/logstash-drop-filter-for-event – baudsp
@baudsp似乎不適用於: 過濾器{'headers.http_user_agent'] =〜/ ELB -HealthChecker/{ drop {} } } – puneeth