Skipping certain number of lines after regex match
Tags:
#1
mime
Please, could you advise how to skip (drop) certain number of next log lines after the $raw_event matches (Exec if $raw_event =~ / .... / drop();) ??? Thanks!
#1
mime
Please, could you advise how to skip (drop) certain number of next log lines after the $raw_event matches (Exec if $raw_event =~ / .... / drop();) ??? Thanks!
Hi. You could use counters and simple if-else conditioning like this:
```
create_stat('counter', 'COUNT');
if $raw_event =~ /some_pattern/ and get_stat('counter') == 3 {
add_stat('counter', -3);
} else if get_stat('counter') < 3 {
drop();
}
```
It will drop every three events after something which trigger regex. Please take a look and give it a try.
Regards, Arch
