1.

What Are Filters In Logstash?

Answer»

Filters are intermediary processing devices in the Logstash pipeline. You can combine filters with conditionals to perform an action on an event if it meets certain criteria.

Some useful filters include:

  • Grok: parse and structure arbitrary text. Grok is currently the best way in Logstash to parse unstructured log data into something structured and queryable. With 120 patterns built in to Logstash, it's more than likely you'll find one that meets your needs!
  • Mutate: perform general transformations on event fields. You can rename, remove, replace, and modify fields in your events.
  • Drop: drop an event completely, for example, debug events.
  • Clone: make a copy of an event, possibly adding or removing fields.
  • Geoip: add information about the geographical location of IP addresses (also displays amazing charts in Kibana!)
