I recently started working with Log Insight and I'm looking for a specific function. I have log data with a lot of text and am now looking for a function to delete uninteresting text content. This is usually not just one line.
Thanks for any help.
Hello and welcome to the communities! Go to the Interactive Analytics page and add a filter for text does not contain <what you want to ignore>
Not sure I am following, what I suggested will ignore a specific line in a file. If you want to exclude a file you could use our agent and then filter by filepath does not contain. If you want to ignore all files from a source you can do source does not contain. If you want to exclude words and/or phrases within a line, but keep the rest of the line, this is not possible today. I hope this helps!
Thank you very much!
Unfortunately I cannot try it at the moment, but to make sure you know what I mean, here's an example.
Suppose the content of a log file has two blocks:
Action: text
System Name: Text
Agent Address: Text
...
If Description: lo
Action: text
System Name: Text
Agent Address: Text
...
If Description: something else
The first block is uninteresting and I want to delete it.
Only the following should be in the file.
Action: text
System Name: Text
Agent Address: Text
...
If Description: something else
Sounds like you are looking for event filtering, but this should be done BEFORE it reaches Log Insight. Log Insight ingests everything it is sent and does not drop/remove anything.
Thanks again for your quick answers.
How can I solve this problem (event filtering)?
Is it maybe possible to import a log file and create an event of each line?
The proper way to do this is client-side so you would need to check on what syslog agent you are running. For example:
* http://www.rsyslog.com/doc/rsyslog_conf_filter.html
Note that importing files into LI is not supported today server-side though you could do this with LI agent. Also note that the LI agent allows you to specify what a new event looks like (i.e. it can split messages) so you should consider using that instead of 3rd party agents like the links I provided above.
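A sketch of the client-side block filtering discussed in this thread, as an added example that is not part of the original posts and is not Log Insight or agent code. It assumes every event starts with an `Action:` line and carries its description in an `If Description:` line, as in the sample blocks above; the function names are hypothetical.

```python
"""Pre-ingestion filter: drop whole multi-line events before they are forwarded."""
import re

EVENT_START = re.compile(r"^Action:")  # assumption: each event begins with this line
DESCRIPTION = re.compile(r"^If Description:\s*(.*)$")

def split_events(lines):
    """Group lines into events; a new event starts at every EVENT_START line."""
    event = []
    for line in lines:
        if EVENT_START.match(line) and event:
            yield event
            event = []
        event.append(line)
    if event:
        yield event

def description_of(event):
    """Return the 'If Description' value of an event, or None if it has none."""
    for line in event:
        m = DESCRIPTION.match(line)
        if m:
            return m.group(1).strip()
    return None

def filter_events(text, drop_descriptions):
    """Return (kept_text, dropped_count). Events without a description are kept."""
    kept, dropped = [], 0
    for event in split_events(text.splitlines()):
        if description_of(event) in drop_descriptions:
            dropped += 1  # counted so the filtering stays auditable
        else:
            kept.extend(event)
    return "\n".join(kept) + ("\n" if kept else ""), dropped

# Constructed sample input, modelled on the two blocks in the question.
SAMPLE = """\
Action: text
System Name: Text
Agent Address: Text
If Description: lo
Action: text
System Name: Text
Agent Address: Text
If Description: something else
"""

if __name__ == "__main__":
    out, n = filter_events(SAMPLE, {"lo"})
    print(out, end="")
    print(f"# dropped {n} event(s)")
```

Write the filtered output to a separate file for the agent to collect and keep the unfiltered original on the host, since events dropped before ingestion cannot be recovered from Log Insight later.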
