I am wondering what the best approach is to take with my Logstash Grok filters. I have some filters that are for specific log entries, and won't apply to all entries. The on
You can also add tag_on_failure => [] to your grok stanza like so:

    grok {
      match => ["context", "\"tags\":\[%{DATA:apptags}\]"]
      tag_on_failure => [ ]
    }

grok will still fail, but will do so without adding to the tags array.
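
An alternative layout, added here as an example and not part of the original answer: guard the grok with a conditional so it only runs on entries that contain a tags array, and keep a dedicated failure tag so entries that should have parsed but did not remain visible. The tag name `_apptags_parsefailure` is a constructed placeholder; the `context` and `apptags` field names are taken from the stanza above.

```logstash
filter {
  # Run the pattern only on events whose "context" field carries a tags array,
  # so events the pattern was never meant for are not marked as failures.
  if [context] =~ /"tags":\[/ {
    grok {
      match => { "context" => "\"tags\":\[%{DATA:apptags}\]" }
      # Constructed tag name: a failure here means the entry looked like a
      # tags entry (for example, a truncated array) but did not parse.
      tag_on_failure => ["_apptags_parsefailure"]
    }
  }
}
```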