In logstash, How to filter logs by json key and value?

Question

Currently I need to ignore some log in logstash.

my logstash input is as below:

 input {
    udp {
            port => 5001
            format => "json"
            type => "udp"
    }
 }

logs like {"key1":"value1", "key2":"value2"} will send to port 5001

I like to drop all logs that with "key1":"value1", how can I achieve it?

I'v tried

filter {
    grep {
            match => { "key1" => "value1" }
            negate => true
    }
}

it doesn't work.

Alcanzar Alcanzar · Accepted Answer · 2014-05-22T14:06:58

0

votes

use the if syntax to do this:

filter {
  if [key1] == "value1" {
     drop {}
  }
}