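Here is an example using a <code>ruby</code> filter.
For illustration purposes, the messages I send to stdin consist only of a date in the format <code>dd/MM/yyyy</code>.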
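<code>
input {
  stdin {}
}
filter {
  # Parse the message text into @timestamp.
  date {
    match => ["message", "dd/MM/yyyy"]
  }
  # Logstash 2.x event syntax; from Logstash 5.0 the Event API is event.get('@timestamp').
  ruby {
    code => "
      # Drop the event when its parsed timestamp lies in the future.
      if event['@timestamp'] > Time.now
        event.cancel
      end
    "
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
</code>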
So if you start Logstash with the configuration above, you will get the following output:
<code>
10/08/2016 <--- today is accepted
{
       "message" => "10/08/2016",
      "@version" => "1",
    "@timestamp" => "2016-08-09T22:00:00.000Z",
          "host" => "iMac-de-Consulthys.local"
}
11/08/2016 <--- tomorrow is dropped
10/09/2016 <--- a date in a month from now is dropped
09/07/2016 <--- a date a month ago is accepted
{
       "message" => "09/07/2016",
      "@version" => "1",
    "@timestamp" => "2016-07-08T22:00:00.000Z",
          "host" => "iMac-de-Consulthys.local"
}
</code>
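The same accept/drop decision as a standalone Ruby sketch, added here as an illustration and not part of the original answer. It goes one step beyond the run above by including a message the date filter cannot parse. Assumptions: a plain Hash stands in for the Logstash event, dates are read as UTC, and the clock is pinned to a constructed `NOW`; all function names are hypothetical.

```ruby
require 'date'

DD_MM_YYYY = %r{\A(\d{2})/(\d{2})/(\d{4})\z}

# Stand-in for date { match => ["message", "dd/MM/yyyy"] }.
# Returns a UTC Time (assumption: UTC instead of the host's local zone),
# or nil when the text is not a valid dd/MM/yyyy date.
def parse_message_date(message)
  m = DD_MM_YYYY.match(message.strip)
  return nil unless m
  day, month, year = m.captures.map(&:to_i)
  return nil unless Date.valid_date?(year, month, day)
  Time.utc(year, month, day)
end

# Runs one message through both filters. Returns the event Hash (a constructed
# stand-in for a Logstash event), or nil where the ruby filter calls event.cancel.
def process(message, now)
  event = { 'message' => message, '@timestamp' => now, 'tags' => [] }
  parsed = parse_message_date(message)
  if parsed
    event['@timestamp'] = parsed
  else
    # On failure the date filter keeps the ingestion time and adds its default tag.
    event['tags'] << '_dateparsefailure'
  end
  return nil if event['@timestamp'] > now
  event
end

# Constructed sample input; NOW is pinned so the result is reproducible.
NOW = Time.utc(2016, 8, 10, 12, 0, 0)
SAMPLES = ['10/08/2016', '11/08/2016', '10/09/2016', '09/07/2016', '31/02/2017'].freeze

def summarize(messages, now)
  messages.map do |msg|
    event = process(msg, now)
    status = if event.nil? then 'dropped'
             elsif event['tags'].include?('_dateparsefailure') then 'kept (unparsed)'
             else 'kept'
             end
    [msg, status]
  end
end

summarize(SAMPLES, NOW).each { |msg, status| puts "#{msg}  #{status}" }
```

The last sample is kept because an unparsed event still carries its ingestion time, so the future check never fires for it; such events can be recognised by the `_dateparsefailure` tag.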