Drop log line containing hash character

regex logging logstash logstash-grok
Jonas Byström picture Jonas Byström · Nov 26, 2013 · Viewed 16.3k times · Source

In my Logstash shipper I want to filter out lines commented with the hash character:

#This log row should be dropped.
But one this should not.

I was able to use grep filter, but as it is discouraged (going to be decommissioned), I'm trying to get a grok filter to do it instead. This filter is not working:

grok {
  match => ["message", "^#.*"]
  drop_if_match => true
}

I also tried placing the regex in a custom pattern file, but didn't help. Any ideas?

Answer

rutter picture rutter · Nov 26, 2013

Even simpler, if you're interested:

filter {
    if ([message] =~ /^#/) {
        drop{}
    }
}

The last few versions of Logstash have been putting more emphasis on branching logic directly in the config files. Takes a little getting used to, but pretty handy once you do.

Related questions

Delete all lines not containing string in Sublime

I recently got a bruteforce on my website, and wanted to write it down somewhere. The bad new is that the log file itself are 1,4 GB large (4338995 Lines) and I haven't got the logrotate fully working yet. So I was …

Read More
Regular expression to match a line that doesn't contain a word

I know it's possible to match a word and then reverse the matches using other tools (e.g. grep -v). However, is it possible to match lines that do not contain a specific word, e.g. hede, using a regular …

Read More
How to validate an email address in JavaScript

Is there a regular expression to validate an email address in JavaScript?

Read More