IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.

« zeromq aggregate »

›

Filter plugins

A filter plugin performs intermediary processing on an event. Filters are often applied conditionally depending on the characteristics of the event.

The following filter plugins are available:

Plugin	Description	Github repository
aggregate	Aggregates information from several events originating with a single task	logstash-filter-aggregate
alter	Performs general alterations to fields that the `mutate` filter does not handle	logstash-filter-alter
anonymize	Replaces field values with a consistent hash	logstash-filter-anonymize
collate	Collates events by time or count	logstash-filter-collate
csv	Parses comma-separated value data into individual fields	logstash-filter-csv
cidr	Checks IP addresses against a list of network blocks	logstash-filter-cidr
clone	Duplicates events	logstash-filter-clone
cipher	Applies or removes a cipher to an event	logstash-filter-cipher
checksum	Creates a checksum based on fields in an event	logstash-filter-checksum
date	Parses dates from fields to use as the Logstash timestamp for an event	logstash-filter-date
de_dot	Computationally expensive filter that removes dots from a field name	logstash-filter-de_dot
dns	Performs a standard or reverse DNS lookup	logstash-filter-dns
drop	Drops all events	logstash-filter-drop
elasticsearch	Copies fields from previous log events in Elasticsearch to current events	logstash-filter-elasticsearch
extractnumbers	Extracts numbers from a string	logstash-filter-extractnumbers
environment	Stores environment variables as metadata sub-fields	logstash-filter-environment
elapsed	Calculates the elapsed time between a pair of events	logstash-filter-elapsed
fingerprint	Fingerprints fields by replacing values with a consistent hash	logstash-filter-fingerprint
geoip	Adds geographical information about an IP address	logstash-filter-geoip
grok	Parses unstructured event data into fields	logstash-filter-grok
i18n	Removes special characters from a field	logstash-filter-i18n
json	Parses JSON events	logstash-filter-json
json_encode	Serializes a field to JSON	logstash-filter-json_encode
kv	Parses key-value pairs	logstash-filter-kv
mutate	Performs mutations on fields	logstash-filter-mutate
metrics	Aggregates metrics	logstash-filter-metrics
multiline	Merges multiple lines into a single event	logstash-filter-multiline
metaevent	Adds arbitrary fields to an event	logstash-filter-metaevent
prune	Prunes event data based on a list of fields to blacklist or whitelist	logstash-filter-prune
punct	Strips all non-punctuation content from a field	logstash-filter-punct
ruby	Executes arbitrary Ruby code	logstash-filter-ruby
range	Checks that specified fields stay within given size or length limits	logstash-filter-range
syslog_pri	Parses the `PRI` (priority) field of a `syslog` message	logstash-filter-syslog_pri
sleep	Sleeps for a specified time span	logstash-filter-sleep
split	Splits multi-line messages into distinct events	logstash-filter-split
throttle	Throttles the number of events	logstash-filter-throttle
translate	Replaces field contents based on a hash or YAML file	logstash-filter-translate
uuid	Adds a UUID to events	logstash-filter-uuid
urldecode	Decodes URL-encoded fields	logstash-filter-urldecode
useragent	Parses user agent strings into fields	logstash-filter-useragent
xml	Parses XML into fields	logstash-filter-xml
zeromq	Sends an event to ZeroMQ	logstash-filter-zeromq

« zeromq aggregate »