Hi,
Trying to add a new field IF event_data.Status is a specific value. Cant figure out the syntax for Logstash.
Anyone?
/Maekee
You can use a conditional mutate filter.
filter {
if [event_data][Status] == "some value" {
mutate {
add_field => [ "myfield", "foobar" ]
}
}
}
Thanks alot Andrew, just now found the exact same solution.
Appreciate it!!!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.