Check if event field does not exist when 'nil' should be considered as "exists"

e.sharshenaliev · September 20, 2021, 8:48am

We are indexing metrics that arrive to logstash in json format
There is a value "MeasurementDate" that can either:

be missing
has null value
has date value (iso8601)

When field has valid value or is missing - we need to index this event
When field has value of null - we need to drop this event

Is there any way to differentiate between missing field and field with a value of null/nil?

Badger · September 20, 2021, 1:09pm

You cannot do it using a conditional, but you can do it in ruby

    ruby {
        code => '
            if event.to_hash.include?("foo") and ! event.get("foo")
                event.cancel
            end
        '
    }

system · October 18, 2021, 1:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Check existence of a field and checking null value in field Logstash	4	14065	July 6, 2017
Event is not created for null value records Logstash	4	985	January 24, 2018
Kibana search for events with missing fields Elasticsearch	2	5419	July 6, 2017
CHecking for existance of a field in Ruby filter? Logstash	2	6100	April 27, 2017
Testing for values and adding a value when value field is empty or null Logstash	3	966	August 21, 2019

Check if event field does not exist when 'nil' should be considered as "exists"

Related topics