如果标头是特定值，则logstash筛选器将删除_Logstash

如果标头是特定值，则logstash筛选器将删除

logstash

如果标头是特定值，则logstash筛选器将删除,logstash,Logstash,我正在使用logstashhttp输入插件。如果用户_代理是一个特定的值，我想筛选并删除它 { "_index": "some-logs-prod-2017.09.21", "_type": "logs", "_id": "AV6kDXSxKY2mOqXynuEV", "_score": null, "_source": { "message": "", "@version": "1", "@timestamp": "2017-09-21T10:48:

我正在使用logstashhttp输入插件。如果用户_代理是一个特定的值，我想筛选并删除它

{
  "_index": "some-logs-prod-2017.09.21",
  "_type": "logs",
  "_id": "AV6kDXSxKY2mOqXynuEV",
  "_score": null,
  "_source": {
    "message": "",
    "@version": "1",
    "@timestamp": "2017-09-21T10:48:12.541Z",
    "host": "172.31.43.24",
    "headers": {
      "request_method": "GET",
      "request_path": "/",
      "request_uri": "/",
      "http_version": "HTTP/1.1",
      "http_host": "172.31.33.62:33067",
      "http_connection": "close",
      "http_user_agent": "ELB-HealthChecker/2.0",
      "http_accept_encoding": "gzip, compressed"
    }
  },
  "fields": {
    "@timestamp": [
      1505990892541
    ]
  },
  "highlight": {
    "headers.http_user_agent": [
      "@kibana-highlighted-field@ELB@/kibana-highlighted-field@-@kibana-highlighted-field@HealthChecker@/kibana-highlighted-field@/2.0"
    ]
  },
  "sort": [
    1505990892541
  ]
}

在这种情况下，我想在

http\u user\u agent==ELB HealthChecker

我该怎么做时删除消息？

我不得不使用

[headers][http\u user\u agent]

，多亏了baudsp。

到目前为止你做了什么，你到底在哪里遇到了麻烦？@baudsp似乎没有使用：filter{if['headers.http\u user\u agent']=~/ELB HealthChecker/{drop{}}使用

[headers][http\u user\u agent]