Check if a field is a given type in logstash

Dear,
from a source (winlogbeat 7.11) I'm getting messages which should contain a specific type, but sometimes the type is not the type expected and Elastic won't index the data.
I would like to have a condition in Logstash which will check if a valid type is given, and if it is not, then the field will be removed. I'm not sure how to achieve this.

Approx. example of what I would like to have:

  # failed to parse field [winlog.event_data.IpPort] of type [integer]
  #if ( "" in [winlog][event_data][IpPort] ) {
  #  grok {
  #    match => { "[winlog][event_data][UtcTime]" => "%{IP}" }
  #    break_on_match => true
  #    mutate { remove_field => [ "[winlog][event_data][IpPort]" ] }
  #  }
  #}

Thanks for ideas
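
One way to do the check described in the post above, as an added example that is not part of the original post: a `ruby` filter that keeps `[winlog][event_data][IpPort]` only when it holds an integer or a digits-only string, and otherwise removes the field and tags the event. The tag name `_ipport_not_integer` and the digits-only acceptance rule are assumptions.

```logstash
filter {
  ruby {
    # Added example. Field name taken from the post; tag name is an assumption.
    code => '
      field = "[winlog][event_data][IpPort]"
      value = event.get(field)

      # Accept a real integer, or a string that is only digits (Elasticsearch
      # coerces such strings for an integer mapping). Assumed rule: no sign,
      # no whitespace, no decimals.
      valid = value.is_a?(Integer) ||
              (value.is_a?(String) && value.match?(/\A[0-9]+\z/))

      # Field absent: nothing to do. Field present but not an integer:
      # remove it so the rest of the event can still be indexed, and tag the
      # event so the dropped values can be counted and reviewed later.
      unless value.nil? || valid
        event.remove(field)
        event.tag("_ipport_not_integer")
      end
    '
  }
}
```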
