Performing Core Operations

The plugins described in this section are useful for core operations, such as mutating and dropping events.

date filter

Parses dates from fields to use as Logstash timestamps for events.

The following config parses a field called logdate to set the Logstash timestamp:

filter {
  date {
    match => [ "logdate", "MMM dd yyyy HH:mm:ss" ]
  }
}

date filter

Drops events. This filter is typically used in combination with conditionals.

The following config drops debug level log messages:

filter {
  if [loglevel] == "debug" {
    drop { }
  }
}

fingerprint filter

Fingerprints fields by applying a consistent hash.

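The following config fingerprints the IP, @timestamp, and message fields and adds the hash to a metadata field called generated_id:

filter {
  fingerprint {
    source => ["IP", "@timestamp", "message"]
    # Hash all three fields together; without this, only the last
    # source field ends up fingerprinted in the target.
    concatenate_sources => true
    method => "SHA1"
    # Setting a key makes the fingerprint an HMAC (placeholder value).
    key => "0123"
    target => "[@metadata][generated_id]"
  }
}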
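
The following Ruby sketch is an added example, not code from the Logstash project. It shows why the fingerprint filter's concatenate_sources option matters when the hash is used as a deduplication ID: hashing every source field together separates distinct events, while keeping only the last field's hash collapses them. The sample events, the helper names, and the exact "|field|value|" layout are assumptions made for illustration.

```ruby
require "openssl"

# Constructed sample events using the field names from the config above.
EVENTS = [
  { "IP" => "10.0.0.5", "@timestamp" => "2024-05-01T12:00:00Z", "message" => "login failed" },
  { "IP" => "10.0.0.5", "@timestamp" => "2024-05-01T12:00:00Z", "message" => "login failed" }, # replayed duplicate
  { "IP" => "10.0.0.9", "@timestamp" => "2024-05-01T12:00:07Z", "message" => "login failed" }  # different host
].freeze

KEY = "0123" # same placeholder key as the config above
SOURCES = ["IP", "@timestamp", "message"].freeze

# Keyed hash: without the key, nobody can recompute or forge an ID offline.
def hmac_sha1(key, data)
  OpenSSL::HMAC.hexdigest("SHA1", key, data)
end

# All sources folded into one string before hashing. Field names and "|"
# delimiters keep ("ab", "c") and ("a", "bc") from producing the same input.
# The layout is an assumption for illustration.
def fingerprint_all(event, sources = SOURCES, key = KEY)
  joined = sources.sort.map { |f| "|#{f}|#{event[f]}" }.join + "|"
  hmac_sha1(key, joined)
end

# Each source hashed in turn into the same target: only the last one survives.
def fingerprint_last(event, sources = SOURCES, key = KEY)
  sources.map { |f| hmac_sha1(key, event[f].to_s) }.last
end

# Keep the first event seen for each fingerprint, as a dedup stage would.
def dedupe(events, &fingerprint)
  events.uniq { |e| fingerprint.call(e) }
end

if __FILE__ == $PROGRAM_NAME
  puts "all sources: #{dedupe(EVENTS) { |e| fingerprint_all(e) }.length} events kept"
  puts "last source: #{dedupe(EVENTS) { |e| fingerprint_last(e) }.length} events kept"
end
```

With all sources hashed together, the replayed duplicate is removed and the event from the second host is kept; with only the last source, every "login failed" event gets the same ID and two distinct events are lost.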

mutate filter

Performs general mutations on fields. You can rename, remove, replace, and modify fields in your events.

The following config renames the HOSTORIP field to client_ip:

filter {
  mutate {
    rename => { "HOSTORIP" => "client_ip" }
  }
}

The following config strips leading and trailing whitespace from the specified fields:

filter {
  mutate {
    strip => ["field1", "field2"]
  }
}

ruby filter

Executes Ruby code.

The following config executes Ruby code that cancels 90% of the events:

filter {
  ruby {
    code => "event.cancel if rand <= 0.90"
  }
}