I have a Logstash instance deployed on my local machine and I am trying to get my head wrapped around it. I added a simple grep filter to the logstash.conf file, but when I restart the service, it fails. When I remove the grep statement, it works fine. Here is my config. Any help would be appreciated. Thanks.
    input {
        kafka {
            zk_connect => "localhost:9091"
            topic_id => "rawlog"
            reset_beginning => false
            consumer_threads => 1
            consumer_restart_on_error => true
            consumer_restart_sleep_ms => 100
            decorate_events => false
        }
    }
    output {
        elasticsearch {
            bind_host => "localhost"
            protocol => "http"
        }
    }
    filter {
        grep {
            match => {"message"=>"hello-world"}
        }
    }
grep{} is deprecated in favor of conditionals and drop{}:
    filter {
        if [message] !~ /hello-world/ {
            drop{}
        }
    }
If that doesn't help, post a sample of your input.