filter_grep
filter plugin "greps" events by the values of specified fields.message
field contains cool
.hostname
field matches web<INTEGER>.example.com
.message
field does NOT contain uncool
.<and>
Directive<regexp>
or <exclude>
directive. This directive has been added since 1.2.0.<and>
directive with <exclude>
directive:<or>
Directive<regexp>
or <exclude>
directive. This directive has been added since 1.2.0.<or>
directive with <regexp>
directive:<regexp>
Directivekey
pattern
key
pattern
price
is a positive integer.grep
filter filters out UNLESS all <regexp>
s are matched. Hence, if you have:item_name
field starts with book_
and the price
field is an integer, it is filtered out.|
operator of regular expressions. For example, if you have:item_name
field starts with book*
or article*
, it is filtered out.regexpN
<regexp>
instead.N
at the end should be replaced with an integer between 1 and 20 (e.g. regexp1
). regexpN
takes two whitespace-delimited arguments.regexpN
version of <regexp>
example:<exclude>
Directivekey
pattern
key
pattern
status_code
field is 5xx:grep
filter filters out if any <exclude>
is matched. Hence, if you have:status_code
of 5xx
OR url
ending with .css
is filtered out.excludeN
<exclude>
instead.N
at the end should be replaced with an integer between 1 and 20 (e.g. exclude1
). excludeN
takes two whitespace-delimited arguments.excludeN
version of <exclude>
example:<regexp>
and <exclude>
are used together, both are applied.