input {
  # Read events from standard input (handy for testing the filter interactively).
  stdin {}
}
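filter {
  # Capture the token that follows the ISO8601 timestamp into [Level].
  # The backslashes in \s and \S are required: without them the pattern looks
  # for literal "s"/"S" characters, grok fails on ordinary log lines, [Level]
  # is never set, and neither conditional below ever drops anything.
  grok {
    match => { "message" => "\s*%{TIMESTAMP_ISO8601}\s+(?<Level>(\S+)).*" }
  }

  # Discard low-severity events. drop {} removes the event from the pipeline
  # for good, so it never reaches any output. Lines that do not match the grok
  # pattern have no [Level] field and pass through undropped (grok tags them
  # _grokparsefailure by default).
  # NOTE(review): if INFO lines carry audit-relevant records (logins, config
  # changes), ship them to an archive output instead of dropping them here.
  if [Level] == "DEBUG" or [Level] == "INFO" {
    drop {}
  }
}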
output {
  # Print each event that survived the filter stage in rubydebug form,
  # so the extracted [Level] field can be checked by eye.
  stdout { codec => rubydebug }
}
~
利用 drop 过滤器丢弃不需要的日志(此处为 DEBUG 和 INFO 级别)。