Conditional Output Not Working

bjmaynard01 · May 29, 2017, 4:10pm

I have come across an interesting problem that is causing me to bash my head against the wall. I'm trying to parse nginx access logs and eventually dump them into ES. However, for testing purposes, I am using stdout. in the below config, when I remove the conditional for [id] I get output to stdout as expected. But when I configure it with a conditional, as will be needed for indexing, no output is generated.

The input is:
input { syslog { port => 2359 id => "cookbook_access" type => "nginx_access" host => "XXX.XXX.XXX.XXX" timezone => "American/New_York" } }
Now, when I use this as the output, I get output generated, as expected.
stdout { codec => rubydebug }
However, when I change the output to be
if [id] == "cookbook_access" { stdout { codec => rubydebug } }
No output is generated.

magnusbaeck · May 29, 2017, 7:00pm

The id option adds an identifier to the plugin. It won't attach an id field to each event processed by the input. You should probably be using the type or the add_field option instead.

system · June 26, 2017, 7:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash 6.3 and redis conditional on id Logstash	5	370	August 24, 2018
Conditional if on output using id Logstash	2	1008	November 19, 2018
Stdout rubydebug not outputting to file Logstash	12	821	November 6, 2020
If conditional with multiple outputs Logstash	7	13155	May 22, 2019
Conditional in output filter fails on Linux Logstash	9	396	April 22, 2020

Conditional Output Not Working

Related topics