Filter plugins
A filter plugin performs intermediary processing on an event. Filters are often applied conditionally depending on the characteristics of the event.
The following filter plugins are available. For a list of Elastic-supported plugins, consult the Support Matrix.
Plugin | Description | GitHub repository |
Aggregates information from several events originating with a single task | ||
Performs general alterations to fields that the | ||
Checks IP addresses against a list of network blocks | ||
Applies or removes a cipher to an event | ||
Duplicates events | ||
Parses comma-separated value data into individual fields | ||
Parses dates from fields to use as the Logstash timestamp for an event | ||
Computationally expensive filter that removes dots from a field name | ||
Extracts unstructured event data into fields using delimiters | ||
Performs a standard or reverse DNS lookup | ||
Drops all events | ||
Calculates the elapsed time between a pair of events | ||
Copies fields from previous log events in Elasticsearch to current events | ||
Stores environment variables as metadata sub-fields | ||
Extracts numbers from a string | ||
Fingerprints fields by replacing values with a consistent hash | ||
Adds geographical information about an IP address | ||
Parses unstructured event data into fields | ||
Removes special characters from a field | ||
Enrich events with your database data | ||
Parses JSON events | ||
Serializes a field to JSON | ||
Parses key-value pairs | ||
Takes complex events containing a number of metrics and splits these up into multiple events, each holding a single metric | ||
Aggregates metrics | ||
Performs mutations on fields | ||
Prunes event data based on a list of fields to blacklist or whitelist | ||
Checks that specified fields stay within given size or length limits | ||
Executes arbitrary Ruby code | ||
Sleeps for a specified time span | ||
Splits multi-line messages into distinct events | ||
Parses the | ||
Throttles the number of events | ||
Replaces the contents of the default message field with whatever you specify in the configuration | ||
Replaces field contents based on a hash or YAML file | ||
Truncates fields longer than a given length | ||
Decodes URL-encoded fields | ||
Parses user agent strings into fields | ||
Adds a UUID to events | ||
Parses XML into fields |