{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 相关推荐>> 的问题《Logstash drop filter for event》','https://www.manongdao.com/q-1289782.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
In my log file I have entries like the following:
2014-06-25 12:36:18,176 [10] ((null)) INFO [s=(null)] [u=(null)] Hello from Serilog, running as "David"! [Program]
2014-06-25 12:36:18,207 [10] ((null)) WARN [s=(null)] [u=(null)] =======MyOwnLogger====== Hello from log4net, running as David! [MyOwnLogger]
2014-06-25 12:36:18,209 [10] ((null)) ERROR [s=(null)] [u=(null)] =======MyOwnLogger====== Hello from log4net, running as David! [MyOwnLogger]
which are of loglevel INFO, WARN and ERROR respectively.
What I would like to do is to only output to Elasticsearch those entries which are of ERROR level. Here is my Logstash configuration file:
input {
file {
path => "Somepath/*.log"
}
}
# This filter doesn't work
filter {
if [loglevel] != "error" {
drop { }
}
}
output {
elasticsearch { host => localhost }
stdout {}
}
Effectively, currently nothing gets sent to Elasticsearch. I know it is related to the filter because if it's not there, all the entries get sent to Elastisearch.
Try this grok filter. It is works at me with your logs
First, you need to grok the loglevel, then just you can use the field to do if else condition and decide drop or not.