rule {
//...
params = [
index: "logstash-*",
queryString: "message:Error"
]
reaction { messages -> // All messages that match the query
// Your logic here
}
}
You can find more about query string here