Check if event field does not exist when 'nil' should be considered as "exists"

e.sharshenaliev · September 20, 2021, 8:48am

We are indexing metrics that arrive to logstash in json format
There is a value "MeasurementDate" that can either:

be missing
has null value
has date value (iso8601)

When field has valid value or is missing - we need to index this event
When field has value of null - we need to drop this event

Is there any way to differentiate between missing field and field with a value of null/nil?

Badger · September 20, 2021, 1:09pm

You cannot do it using a conditional, but you can do it in ruby

    ruby {
        code => '
            if event.to_hash.include?("foo") and ! event.get("foo")
                event.cancel
            end
        '
    }

system · October 18, 2021, 1:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana search for events with missing fields Elasticsearch	2	5417	July 6, 2017
Null validation in logstash Logstash	8	23735	July 6, 2017
Conditional for empty field Logstash	3	23081	July 4, 2017
Logstash filter "if" condition to check if field exist or not Logstash	2	8090	April 22, 2021
Logstash ruby filter condition error Logstash	2	1013	March 20, 2019

Check if event field does not exist when 'nil' should be considered as "exists"

Related Topics