On Bastion host which works as a ELK server, log in and become root.
cd /etc/logstash/conf.d/ and edit file: vi 899-filter-unneeded.conf
Add the needed filter at the end just before the last } if [message] =~ "after_perform" { drop { }` }
Restart logstash: service logstash restart

The simpler the better, this burns a lot of CPU.

Updating Kibana Filtering

results matching ""