And operator in logstash output

Michael1 · March 27, 2018, 9:01pm

I am sending JSON logs to logstash. Amongst the fields, there are two I am looking for -

[records][LogicalServerName]
[records][category]

I wrote an output like such -

else if [records][LogicalServerName] == "servername" and [records][category] == "DatabaseWaitStatistics"
{
elasticsearch {
hosts => ["http://my_elastic_ip:my_elastic_port"]
index => "myindex-dbwaitstatistics-%{+YYYY.MM.dd}"
user => "user"
password => "pass"
}
}

I am seeing the logs get sent to logstash successfully, but in Kibana, I keep trying to create the index, but it doesn't appear there is one. I verified the fields and triple checked. Also, the function to send the logs is working for another index, but I did not try the 'and' operator with that.

What could be the issue?

magnusbaeck · March 28, 2018, 2:04pm

And what does an example document look like? Use a stdout { codec => rubydebug } output.

system · April 25, 2018, 2:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Does multiple indices in output work? Logstash	1	947	July 6, 2017
Logstash output configuration for beat Logstash	3	615	July 6, 2017
Output IF ELSE configuration error Logstash	8	35827	July 6, 2017
Multiple if else problem in output in Logstash Logstash	7	7029	April 4, 2019
Pipelines or "if else" conditions for output Logstash	13	15761	April 26, 2018

And operator in logstash output

Related topics