Conditional Output Not Working

I have come across an interesting problem that is causing me to bash my head against the wall. I'm trying to parse nginx access logs and eventually dump them into ES. However, for testing purposes, I am using stdout. In the below config, when I remove the conditional for [id] I get output to stdout as expected. But when I configure it with a conditional, as will be needed for indexing, no output is generated.

The input is:

input {
  syslog {
    port => 2359
    id => "cookbook_access"
    type => "nginx_access"
    host => "XXX.XXX.XXX.XXX"
    timezone => "America/New_York"
  }
}

Now, when I use this as the output, I get output generated, as expected.

output {
  stdout {
    codec => rubydebug
  }
}

However, when I change the output to be

output {
  if [id] == "cookbook_access" {
    stdout {
      codec => rubydebug
    }
  }
}

No output is generated.

The id option adds an identifier to the plugin. It won't attach an id field to each event processed by the input. You should probably be using the type or the add_field option instead.

2 Likes
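
The reply's suggestion written out as a pipeline config. This is an added example, not part of the original thread; the field name `source_id` is an assumption chosen for illustration, and the `host` and `timezone` settings from the question are left out for brevity.

```conf
input {
  syslog {
    port => 2359
    # Plugin identifier only: it names this input in Logstash's own logs
    # and monitoring data. It is never written to the events.
    id   => "cookbook_access"
    # Copied onto each event as [type], unless the event already has one.
    type => "nginx_access"
    # Explicit per-event marker (hypothetical field name) for cases where
    # [type] is already taken or more than one input shares a type.
    add_field => { "source_id" => "cookbook_access" }
  }
}

output {
  if [type] == "nginx_access" {
    stdout { codec => rubydebug }
  } else if [source_id] == "cookbook_access" {
    # Reached only if [type] was overridden upstream; still routed.
    stdout { codec => rubydebug }
  } else {
    # Catch-all while testing: an event that matches no conditional is
    # otherwise discarded without any message, which is exactly the
    # "no output is generated" symptom in the question.
    stdout { codec => json_lines }
  }
}
```

A comparison against a field that does not exist, such as `[id]` here, evaluates to false for every event, so Logstash reports no error and simply sends nothing to that output.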
