Check if event field does not exist when 'nil' should be considered as "exists"

e.sharshenaliev · September 20, 2021, 8:48am

We are indexing metrics that arrive to logstash in json format
There is a value "MeasurementDate" that can either:

be missing
has null value
has date value (iso8601)

When field has valid value or is missing - we need to index this event
When field has value of null - we need to drop this event

Is there any way to differentiate between missing field and field with a value of null/nil?

Badger · September 20, 2021, 1:09pm

You cannot do it using a conditional, but you can do it in ruby

    ruby {
        code => '
            if event.to_hash.include?("foo") and ! event.get("foo")
                event.cancel
            end
        '
    }

system · October 18, 2021, 1:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Check existence of a field and checking null value in field Logstash	4	14120	July 6, 2017
Null validation in logstash Logstash	8	24121	July 6, 2017
How to check if a field exists in the Ruby plugin? Logstash	1	2006	July 6, 2017
Kibana search for events with missing fields Elasticsearch	2	5435	July 6, 2017
Ignore the entire message if one field is nil Logstash	3	314	March 24, 2020

Check if event field does not exist when 'nil' should be considered as "exists"

Related topics