How to get logs and it's data having word "error" in then and how to configure logstashPipeLine.conf file for the same?

Question

Currently I am working on an application where I need to create documents from particular data from a file at specific location. I have set up logstash pipeline configuration.

Here is what it looks like currently:

input{
file{
path => "D:\ELK_Info\logstashInput.log"
start_position => "beginning"
}
}
#Possible IF condition here in the filter

output {
 #Possible IF condition here
  http {
    url => "http://localhost:9200/<index_name>/<type_name>"
    http_method => "post"
    format => "json"
  }
}

I want to provide IF condition in output before calling API. The condition should be like, "If data from input contains word 'Error', only then proceed further to call http API mentioned."

Any idea on how may I do the same?

Answer 1

Please look at this link: Ignore and move to next pattern if log contains a specific word

The first step is to look whehther input has error as key word, if so, continue the parsing by second grok. If no, just forget the input.