input {
stdin {
}
}
filter {
grok {
match => ["message","\s*%{TIMESTAMP_ISO8601}\s+(?<Level>(\S+)).*"]
}
if [Level] == "DEBUG" {
drop {}
}
if [Level] == "INFO" {
drop {}
}
}
output {
stdout {
codec=>rubydebug{}
}
}
~
利用drop 丢弃过滤日志
相关文章: