Hello everyone,
I am writing about a conditional problem I have.
I am trying to aggregate Jenkins logs line using
https://www.elastic.co/guide/en/logstash/current/plugins-filters-aggregate.html#plugins-filters-aggregate-example1
As the Example #1, I want to use a conditional based on the fact the the first message starts with 'Started by'
I follow this tutorial : https://www.elastic.co/guide/en/logstash/current/config-examples.html#using-conditionals
So I did that
if("Started by" in [message] ) {
aggregate {
task_id => "%{@buildTimestamp}"
code => "map['message1']=event.get('message')"
map_action => "create"
add_field => { "startAgregation" => "yes" } #for debug purpose
}
}else{
mutate {
add_field => { "startAgregation" => "no" } #for debug purpose
}
}
As it did not worked, I tried
if([message] =~ "Started by" )
Then
if([message] =~ /^Started by.*/ )
None of thus worked.
But when I tried the whole message
if("Started by user DEVINEAU Simon" in [message] )
Then it worked.
Do you have any idea ?