问题
Currently I am working on an application where I need to create documents from particular data from a file at specific location. I have set up logstash pipeline configuration.
Here is what it looks like currently:
input{
file{
path => "D:\ELK_Info\logstashInput.log"
start_position => "beginning"
}
}
#Possible IF condition here in the filter
output {
#Possible IF condition here
http {
url => "http://localhost:9200/<index_name>/<type_name>"
http_method => "post"
format => "json"
}
}
I want to provide IF condition in output before calling API. The condition should be like, "If data from input contains word 'Error', only then proceed further to call http API mentioned."
Any idea on how may I do the same?
回答1:
Please look at this link: Ignore and move to next pattern if log contains a specific word
The first step is to look whehther input has error as key word, if so, continue the parsing by second grok. If no, just forget the input.
来源:https://stackoverflow.com/questions/51749854/how-to-get-logs-and-its-data-having-word-error-in-then-and-how-to-configure-l