Logstash排除字段及字段内容

排除字段

1
2
3
4
5
filter {
grok {
remove_field => ["agent", "cloud", "ecs", "host", "input"]
}
}

排除字段内容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
output {
if "_grokparsefailure" in [tags] {
file { path => "/usr/local/logstash/logs/grok_failures.txt" }
} else {
if (([classpath] == "com.netflix.eureka.registry.AbstractInstanceRegistry" and [methodname] == "run") or
([classpath] == "com.netflix.discovery.shared.resolver.aws.ConfigClusterResolver" and [methodname] == "getClusterEndpoints")) {
#stdout {
#codec => rubydebug
#}
} else {
elasticsearch {
hosts => ["172.10.1.10:9200"]
#index => "%{type}"
index => "appblog-%{+YYYY.MM.dd}"
}
}
}
}

Powered by AppBlog.CN     浙ICP备14037229号

Copyright © 2012 - 2020 APP开发技术博客 All Rights Reserved.

访客数 : | 访问量 :