有些我们不想要的日志,如理图例:
可以通过Logstash的filter来过滤,简单过滤如下:
input {
tcp {
port => 8002
codec => json_lines
}
}
filter{
### 如果message中以Retrieved hosts from InstanceDiscovery: 0开头
if([message]=~ "^Retrieved hosts from InstanceDiscovery: 0"){
### 丢弃
drop{}
}
}
output {
elasticsearch {
hosts => "localhost:8001"
}
stdout { codec => rubydebug}
}