Alternate to multiple if..else-if in Logstash .conf file

anisen · March 24, 2017, 4:59am

Hi,

In my log file, there is a URI field.

Now, I have added another field named 'user_operation' with a default value and want to assign different values to this 'user_operation' field depending on the value of the URI field.

In the log file, there are around 100 different URIs and I want to assign different user_operation values for each of them.

Currently I am using IF..ELSE-IF..ELSE-IF..ELSE-IF... and so on

if [uri] =~ "/_mysite/login.asmx"{
mutate {
update => {
"user_operation" => "User Login"
}
}
}
else if [uri] =~ "/_mysite/Pages/PlaceOrder.aspx"{
mutate {
update => {
"user_operation" => "Place Order"
}
}
}
else if [uri] =~ "/_mysite/LogOut.asmx"{
mutate {
update => {
"user_operation" => "Logout"
}
}
}
.....
..... and so on.

Its working.
But, I am not sure how it will impact the performance if there are so many if..else-if conditions in the logstash conf file.

Is there any better way to do this?
Please suggest.

magnusbaeck · March 24, 2017, 5:59am

The translate filter should be helpful here.

anisen · March 24, 2017, 6:29am

Thanks a lot. Will try it out.

anisen · March 24, 2017, 11:20am

Tried and it served my purpose. Thanks again @magnusbaeck . This is exactly something I was looking for.

system · April 21, 2017, 11:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
IS it possible to use "nested else if" in logstash.conf Logstash	3	231	January 31, 2023
Help With Multiple If {} else if {} COnfiguration Logstash	2	29311	July 6, 2017
Logstash Output Logstash	2	197	May 24, 2023
Puting multiple if conditionals into loop Logstash	2	314	February 12, 2021
Using if else in logstash filter Logstash	9	1734	November 16, 2022

Alternate to multiple if..else-if in Logstash .conf file

Related topics