Condition check eror

shijinbose · March 22, 2017, 6:54am

Hi,
I am trying to filter out "Error" from the message tag,

input {
 tcp {
 port => 5000
type => syslog
     }
 udp {
port => 5000
type => syslog
     }
}

filter
{
    grok
    {
            match => { "message" => "%{WORD:error} %{WORD:method}" }
    }
            if [error] =~ /Error/ {
                method => "Error Found"
    }
}

output {
 elasticsearch { hosts => ["localhost:9200"] }
file {
    path => "/root/Logger/logstash-5.2.2.log"
    codec => rubydebug
}
stdout { codec => rubydebug }
}

if the error pattern = "error" then i want to change the value of method to "Error Found"
this code give me the error like this
"Cannot load an invalid configuration {:reason=>"Expected one of #, { at line 19, column 11 (byte 226) after filter \n{\n\tgrok \n\t{\n\t\tmatch => { "message" => "%{WORD:error} %{WORD:method}" }\n\t}\n\t\tif [error] =~ /Error/ {\n\t\t\tmethod "}"

magnusbaeck · March 22, 2017, 7:07am

To change a field value use a mutate filter. I think its replace option is what you need in this case.

shijinbose · March 22, 2017, 7:18am

 mutate {
                     replace => { "method" => "Error Found" }
}

Thank you @magnusbaeck it works

system · April 19, 2017, 7:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Use of keyword 'else' causes error "Couldn't find any filter plugin named 'else'." Logstash	4	1711	January 11, 2019
Logstash - Filter - Error message(LogStash::ConfigurationError) Logstash	2	299	August 28, 2020
Error in Logstash conditional expression Logstash	5	1280	March 8, 2018
Logstash compare one field with multiple value (string) Logstash	6	11575	July 6, 2017
How to use conditional statement in Filter Logstash	5	2077	July 6, 2017

Condition check eror

Related topics