Check if nested field exists not working

cdalexndr · September 11, 2019, 3:10pm

I have the following code in my logstash configuration where gsub is not applied

    if[exception][stacktrace] {
        mutate {
            gsub => ["exception.stacktrace","\s*at\s(?!package).*", ""]
        }
    }

The exception.stacktrace field is set in a grok match above.
Using the same message, if I remove the conditional, then the gsub is applied as expected, thus the conditional is not working!

I need to use the conditional because my grok matcher has two patterns, one with stacktrace other without it.

Is this a bug, or it's not the correct way to check a nested field existance?

Logstash 7.3.0

Badger · September 11, 2019, 3:22pm

If that is a nested field then you have to refer to it as "[exception][stacktrace]" in the gsub. If it has a period in its name then you need to refer to it as [exception.stacktrace] in the conditional.

cdalexndr · September 11, 2019, 6:32pm

Removing only the conditional, and keeping the field name "exception.stacktrace" in gsub works, and my stacktrace is correctly processed, so the issue is not gsub field name:

 mutate {
            gsub => ["exception.stacktrace","\s*at\s(?!package).*", ""]
        }

system · October 9, 2019, 6:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Check if a field exists Logstash	2	810	October 16, 2021
Conditional is not working to find nested JSON field Logstash	2	688	August 12, 2019
Conditionals with nested fields in logstash not working Logstash	3	687	December 4, 2020
Checking for existence of nested field Logstash	3	1338	July 6, 2017
Issues with if statement, grok, and mutate Logstash	1	3381	July 6, 2017

Check if nested field exists not working

Related topics