Can we add field in _grokparsefailure if block?

kant.gaurav · September 11, 2017, 4:53pm

is it possible like below?

if "_grokparsefailure" in [tags] {
add_field => ["exceptionClass", "other"]
drop {}
}

right now it is throwing error.

magnusbaeck · September 11, 2017, 6:23pm

Put the add_field line inside a mutate filter.

But what's the point of adding a tag to an event if you're deleting it on the next line?

kant.gaurav · September 11, 2017, 6:53pm

sorry i mentioned drop by mistake. i dont wanna drop that line, just add a new field in case match fails.

system · October 9, 2017, 6:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Add a tag if a field exists Logstash	4	11745	September 21, 2017
Grok add field and add tag not working Logstash	2	978	August 11, 2017
Best way to add a field if the field contatins a specific string Logstash	2	542	July 6, 2017
Add field when line contains EXCEPTION Logstash	6	343	March 9, 2022
Why i cant use if statement in grock block? Logstash	6	348	May 18, 2018