Add a filter to appender in elasticsearch - logging yml syntax
Your syntax is a bit incomplete :-), please use the following and see if it works for you. Filters syntax uses an identifier, thus the 1 in my configuration below. Also, note that if you want to filter out the "marvel" ones then you need acceptOnMatch: false.
    filter:
      1:
        type: org.apache.log4j.varia.StringMatchFilter
        StringToMatch: "marvel"
        AcceptOnMatch: false
I just realised that the level that you log to index_search_slow_log_file can be specific to the index.
So I don't actually need to filter out marvel logs, I can just set the default to no logging in elasticsearch.yml (i.e. don't change it), enable logging to index_search_slow_log_file and then put an index specific override via the index settings API.
elasticsearch.yml: no change
logging.yml:
    additivity:
      index.search.slowlog: true
    ...
Index settings API:
    PUT /index_name/_settings
    {
      "index": {
        "search": {
          "slowlog": {
            "threshold": {
              "fetch": {
                "trace": "0ms",
                "info": "500ms",
                "warn": "1s"
              }
            }
          }
        }
      }
    }
To add to andrei-stefan's answer, you can also invert the sense of matching to AcceptOnMatch: true, but this requires adding an explicit DenyAllFilter after. The full example looks like this:
    filter:
      1:
        type: org.apache.log4j.varia.StringMatchFilter
        StringToMatch: "my-important-index"
        AcceptOnMatch: true
      2:
        type: org.apache.log4j.varia.DenyAllFilter
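
Why the allow-list form needs the trailing DenyAllFilter, shown as an added example that is not part of the answers above: a small Python model of how a log4j 1.x appender walks its filter chain. The function names and the sample slow-log messages are constructed for illustration.

```python
# Model of the log4j 1.x filter chain used by the logging.yml snippets above.
ACCEPT, NEUTRAL, DENY = "ACCEPT", "NEUTRAL", "DENY"

def string_match_filter(string_to_match, accept_on_match):
    """Mirrors the decision of org.apache.log4j.varia.StringMatchFilter."""
    def decide(message):
        if string_to_match not in message:
            return NEUTRAL  # no match: leave the decision to the next filter
        return ACCEPT if accept_on_match else DENY
    return decide

def deny_all_filter():
    """Mirrors org.apache.log4j.varia.DenyAllFilter: always DENY."""
    return lambda message: DENY

def appender_logs(filters, message):
    """Walk the chain in order, as the appender does before writing an event."""
    for decide in filters:
        verdict = decide(message)
        if verdict == DENY:
            return False
        if verdict == ACCEPT:
            return True
    return True  # every filter stayed NEUTRAL: the event is still written

# Constructed sample slow-log messages (not real Elasticsearch output).
SAMPLE = [
    "[my-important-index][0] took[1.2s], source[{...}]",
    "[.marvel-2015.01.01][0] took[800ms], source[{...}]",
    "[other-index][2] took[2s], source[{...}]",
]

def surviving(filters):
    """Return the sample messages that would reach the log file."""
    return [m for m in SAMPLE if appender_logs(filters, m)]

drop_marvel = [string_match_filter("marvel", False)]
allow_only = [string_match_filter("my-important-index", True), deny_all_filter()]
allow_without_deny = [string_match_filter("my-important-index", True)]

if __name__ == "__main__":
    chains = [("drop marvel", drop_marvel),
              ("allow-list + DenyAllFilter", allow_only),
              ("allow-list, no DenyAllFilter", allow_without_deny)]
    for name, chain in chains:
        print(f"{name}: {len(surviving(chain))} of {len(SAMPLE)} messages written")
```

Without the DenyAllFilter, non-matching events fall off the end of the chain as NEUTRAL and are written anyway, so the allow-list has no effect.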