Solved: Send the logs level info to null queue

abhi04 · ‎12-12-2023

Hi, I am trying to ignore the logs that have level info and want to send them to null queue:

example logs (not including the befor eand after pattern of the logs but its a json format and this is one of the fields):

"level":"info",

I have tried below and it does not work, can someone help if this is correct or is there another way, the below is in heavy forwarder

props:

[abc]
TRANSFORMS-null = infonull

transforms

[infonull]
SOURCE_KEY = level
REGEX = info
DEST_KEY = queue
FORMAT = nullQueue

richgalloway · ‎12-12-2023

"level" is not a valid value for SOURCE_KEY. Try _raw, instead.

[infonull]
SOURCE_KEY = _raw
REGEX = "level":"info"
DEST_KEY = queue
FORMAT = nullQueue

---
If this reply helps you, Karma would be appreciated.

abhi04 · ‎12-12-2023

richgalloway · ‎12-12-2023

"level" is not a valid value for SOURCE_KEY. Try _raw, instead.

[infonull]
SOURCE_KEY = _raw
REGEX = "level":"info"
DEST_KEY = queue
FORMAT = nullQueue

---
If this reply helps you, Karma would be appreciated.

abhi04 · ‎12-12-2023

Sample example logs:

{"timestamp":"2023-12-12T15:27:22.890Z","shortmessage":"(abc): def ghi","level":"info","source":"xyz,"file":"/home/abc/def.txt","line":144}

Send the logs level info to null queue