Hello, I work on a conditional filter in Logstash.
Currently it's not working.
Here are a few examples of lines in my file:
20170415020000;Nb_RQ_live-C-FWK-WRK-DM-2;server5;2
20170415020000;Nb_RQ_live-C-FWK-WRK-DM-2;server2;5
20170415020000;Nb_RQ_live-C-FWK-WRK-DM-1;7
20170415021000;RAM_process-C-FWK-RQ-3;server5;POV;901.906
20170415021000;RAM_process-C-FWK-RQ-3;server2;POV;846.59
20170415021000;RAM_process-C-FWK-RQ-3;server5;CORB;3246.39
20170415021000;RAM_process-C-FWK-RQ-3;server2;CORB;2996.37
20170415021000;LU_Total_Refresh-C-FWK_STP-3;server5;POV;8
20170415021000;LU_Total_Terminate-C-FWK_STP-3;server5;POV;0
20170415021000;LU_Number_Delete-C-FWK_STP-3;server5;POV;0
So, I use this to parse my file (not complete):
filter {
  if [type] == "q_compteur" {
    if [message] =~ /^"Nb_RQ_live-C-FWK-WRK-DM-2"/ {
      csv {
        columns => [ "RQ_live_date", "Name_RQ_live", "server", "Nb_RQ_live" ]
        separator => ";"
      }
      mutate {
        remove_field => [ "message", "tags", "host", "path" ]
        convert => {
          "Nb_RQ_live" => "integer"
        }
      }
      date {
        match => [ "RQ_live_date" , "YYYYMMddHHmmss" ]
        remove_field => ["RQ_live_date"]
      }
    }
    else if [message] =~ /^"Nb_RQ_live-C-FWK-WRK-DM-1"/ {
      csv {
        columns => [ "RQ_live_date", "Name_RQ_live_total", "Nb_RQ_live_total" ]
        separator => ";"
      }
      mutate {
        remove_field => [ "message", "tags", "host", "path" ]
        convert => {
          "Nb_RQ_live_total" => "integer"
        }
      }
      date {
        match => [ "RQ_live_date" , "YYYYMMddHHmmss" ]
        remove_field => ["RQ_live_date"]
      }
    }
    else if [message] =~ /^"LU_Total_Refresh-C-FWK_STP-3"/ {
      csv {
        columns => [ "LU_refresh_date", "Name_LU_refresh", "server", "Type_refresh", "Nb_refresh" ]
        separator => ";"
      }
      mutate {
        remove_field => [ "message", "tags", "host", "path" ]
        convert => {
          "Nb_refresh" => "integer"
        }
      }
      date {
        match => [ "LU_refresh_date" , "YYYYMMddHHmmss" ]
        remove_field => ["LU_refresh_date"]
      }
    }
    else if [message] =~ /^"LU_Number_Delete-C-FWK_STP-3"/ {[..........]
Is this the right method? I have other lines in the file, but I don't need them.
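An added example, not part of the original post: it runs the posted pattern against sample lines copied from the post and compares it with a pattern anchored after the timestamp field. It assumes the `=~` conditional behaves like a Ruby regex match for these patterns; `pattern_for`, `route` and `posted_matches` are hypothetical helper names.

```ruby
# Sample lines copied from the post above (a subset, embedded for an offline run).
SAMPLE = <<~LINES.lines.map(&:chomp)
  20170415020000;Nb_RQ_live-C-FWK-WRK-DM-2;server5;2
  20170415020000;Nb_RQ_live-C-FWK-WRK-DM-1;7
  20170415021000;RAM_process-C-FWK-RQ-3;server5;POV;901.906
  20170415021000;LU_Total_Refresh-C-FWK_STP-3;server5;POV;8
LINES

# Pattern as written in the post: it requires the line to START with a double quote.
POSTED = /^"Nb_RQ_live-C-FWK-WRK-DM-2"/

# Column layouts from the post, keyed by the metric name found in field 2.
LAYOUTS = {
  "Nb_RQ_live-C-FWK-WRK-DM-2" => %w[RQ_live_date Name_RQ_live server Nb_RQ_live],
  "Nb_RQ_live-C-FWK-WRK-DM-1" => %w[RQ_live_date Name_RQ_live_total Nb_RQ_live_total],
  "LU_Total_Refresh-C-FWK_STP-3" =>
    %w[LU_refresh_date Name_LU_refresh server Type_refresh Nb_refresh]
}.freeze

# Hypothetical helper: match the name only after the 14-digit timestamp field.
def pattern_for(name)
  /\A\d{14};#{Regexp.escape(name)};/
end

# Number of sample lines the posted pattern matches.
def posted_matches
  SAMPLE.count { |line| line =~ POSTED }
end

# Returns a field hash for a known metric, or nil for lines to ignore.
def route(line)
  LAYOUTS.each do |name, columns|
    next unless line =~ pattern_for(name)
    values = line.split(";", -1)
    return nil unless values.size == columns.size # wrong field count: drop
    count = Integer(values.last, 10, exception: false)
    return nil if count.nil?                      # non-integer value: drop
    return columns.zip(values).to_h.merge(columns.last => count)
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  puts "posted pattern matches #{posted_matches} of #{SAMPLE.size} lines"
  SAMPLE.each { |line| p route(line) }
end
```

Lines that fit no layout return nil, which corresponds to the other lines in the file that are not needed.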