Check if nested field exists not working

cdalexndr · September 11, 2019, 3:10pm

I have the following code in my logstash configuration where gsub is not applied

    if[exception][stacktrace] {
        mutate {
            gsub => ["exception.stacktrace","\s*at\s(?!package).*", ""]
        }
    }

The exception.stacktrace field is set in a grok match above.
Using the same message, if I remove the conditional, then the gsub is applied as expected, thus the conditional is not working!

I need to use the conditional because my grok matcher has two patterns, one with stacktrace other without it.

Is this a bug, or it's not the correct way to check a nested field existance?

Logstash 7.3.0

Badger · September 11, 2019, 3:22pm

If that is a nested field then you have to refer to it as "[exception][stacktrace]" in the gsub. If it has a period in its name then you need to refer to it as [exception.stacktrace] in the conditional.

cdalexndr · September 11, 2019, 6:32pm

Removing only the conditional, and keeping the field name "exception.stacktrace" in gsub works, and my stacktrace is correctly processed, so the issue is not gsub field name:

 mutate {
            gsub => ["exception.stacktrace","\s*at\s(?!package).*", ""]
        }

Topic		Replies	Views
Check if a field exists Logstash	2	1106	October 16, 2021
Conditional is not working to find nested JSON field Logstash	2	713	August 12, 2019
Checking for existence of nested field Logstash	3	1388	July 6, 2017
If statement not working with gsub Logstash	5	1220	February 12, 2020
Grok filter: check if field exists Logstash	5	12669	June 25, 2018

Check if nested field exists not working

Related topics