We are indexing metrics that arrive to logstash in json format
There is a value "MeasurementDate" that can either:
When field has valid value or is missing - we need to index this event
When field has value of null - we need to drop this event
Is there any way to differentiate between missing field and field with a value of null/nil?
You cannot do it using a conditional, but you can do it in ruby
ruby {
code => '
if event.to_hash.include?("foo") and ! event.get("foo")
event.cancel
end
'
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.