Updating Kibana Filtering

Updating the filters

  1. On the Bastion host, which works as an ELK server, log in and become root.

  2. cd /etc/logstash/conf.d/

    and edit the file:

    vi 899-filter-unneeded.conf

  3. Add the needed filter at the end, just before the last }, for example:

    if [message] =~ "after_perform" {
      drop { }
    }

  4. Restart logstash:

    service logstash restart
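
A dry run for step 3, as an added example that is not part of the original page: it lists which messages a [message] =~ "..." drop condition would discard, so the filter can be reviewed before it is deployed. The sample messages are constructed, the function names are hypothetical, and grep -E is assumed to match the same way as Logstash's regex engine for simple patterns like this one.

```shell
#!/bin/sh
# Dry run for a Logstash drop condition of the form:
#   if [message] =~ "PATTERN" { drop { } }
# Assumption: PATTERN is simple enough to behave the same under grep -E
# (POSIX ERE) as under the regex engine Logstash uses.

# Constructed sample messages (not real logs).
sample_messages() {
cat <<'EOF'
Performing job: after_perform callback finished for MailerJob
GET /health 200 3ms
sshd: Failed password for root from 192.0.2.10 port 52144
after_perform hook raised: permission denied for user deploy
sudo: deploy : TTY=pts/0 ; COMMAND=/usr/bin/vi 899-filter-unneeded.conf
EOF
}

# Messages the filter would drop. =~ is an unanchored match, so the
# pattern hits anywhere in the message, including error lines.
dropped_messages() {
    sample_messages | grep -E -e "$1" || true
}

# Messages that would still be indexed.
kept_messages() {
    sample_messages | grep -E -v -e "$1" || true
}

# Number of messages the filter would drop (0 when nothing matches).
count_dropped() {
    sample_messages | grep -E -c -e "$1" || true
}

# Default to the pattern from step 3; pass another pattern as $1.
PATTERN="${1:-after_perform}"
echo "pattern: $PATTERN"
echo "would drop $(count_dropped "$PATTERN") message(s):"
dropped_messages "$PATTERN" | sed 's/^/  DROP /'
echo "would keep:"
kept_messages "$PATTERN" | sed 's/^/  KEEP /'
```

To check a filter against real traffic, replace the body of sample_messages with a cat of a saved log extract.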

Notes

Keep the filters as simple as possible; this filtering burns a lot of CPU.
