I have this filter in the config file, i trying to validate it using in build test config functionality. I am getting error.
filter {
if( "Network Login" in [message]){
if("caps_fail" in [message]){
grok{
match =>{"message" => "%{TIMESTAMP_ISO8601:timeStamp}"}
}
}else{
grok{
match =>{"message" => "%{TIMESTAMP_ISO8601:timeStamp}"}
}
}
#outer else
}else{
grok{
match =>{"message" => "%{TIMESTAMP_ISO8601:timeStamp"}
}
}
I cut shot the grok patterns. I tested these patterns in the debugger before putting them here.
Here is the error message after running : /bin/logstash --config.test_and_exit -f logstash.conf
[FATAL] 2020-04-14 13:01:56.137 [LogStash::Runner] runner - The given configuration is invalid. Reason: Expected one of [ \t\r\n], "#", "{", "}" at line 20, column 17 (byte 1279) after filter {
if( "Network Login" in [message]){
if("caps_fail" in [message]){
grok{
match =>{"message" => "%{TIMESTAMP_ISO8601:timeStamp}"}
}
}else{
grok{
match =>{"message" => "%{TIMESTAMP_ISO8601:timeStamp}"}
}
}
#outer else
}else{
grok{
match =>{"
[ERROR] 2020-04-14 13:01:56.140 [LogStash::Runner] Logstash - java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
I am trying to extract data based on strings present in the log and trying to use nested if statements. I still want to next three if statements. Not able to figure out what is wrong. Please help, Thanks
