问题
In my Logstash shipper I want to filter out lines commented with the hash character:
#This log row should be dropped.
But one this should not.
I was able to use grep filter, but as it is discouraged (going to be decommissioned), I'm trying to get a grok filter to do it instead. This filter is not working:
grok {
match => ["message", "^#.*"]
drop_if_match => true
}
I also tried placing the regex in a custom pattern file, but didn't help. Any ideas?
回答1:
Even simpler, if you're interested:
filter {
if ([message] =~ /^#/) {
drop{}
}
}
The last few versions of Logstash have been putting more emphasis on branching logic directly in the config files. Takes a little getting used to, but pretty handy once you do.
回答2:
The correct answer is that there is a bug in drop_if_match=>true (Logstash v1.2.2). Use this type of workaround:
grok {
...
add_tag => ["some_comment"]
}
if "some_comment" in [tags] {
drop {}
}
来源:https://stackoverflow.com/questions/20215575/drop-log-line-containing-hash-character