Conditional Problem during log aggregation

Hello everyone,

I am writing about a conditional problem I have.
I am trying to aggregate Jenkins log lines using
https://www.elastic.co/guide/en/logstash/current/plugins-filters-aggregate.html#plugins-filters-aggregate-example1

As in Example #1, I want to use a conditional based on the fact that the first message starts with 'Started by'.
I followed this tutorial: https://www.elastic.co/guide/en/logstash/current/config-examples.html#using-conditionals

So I did this:

    if ("Started by" in [message]) {
      aggregate {
        task_id => "%{@buildTimestamp}"
        code => "map['message1']=event.get('message')"
        map_action => "create"
        add_field => { "startAgregation" => "yes" } # for debug purposes
      }
    } else {
      mutate {
        add_field => { "startAgregation" => "no" } # for debug purposes
      }
    }

As it did not work, I tried

    if([message] =~ "Started by" )

Then

    if([message] =~ /^Started by.*/ )

None of these worked.
But when I tried the whole message

    if("Started by user DEVINEAU Simon" in [message] )

then it worked.

Do you have any idea?
