Conditionals with nested fields in logstash not working

darlin · November 5, 2020, 2:29pm

Hi,

somehow when we use the input http plugin afterwards the conditionals with nested fields are not working. I've already tried with a non nested field and then it is working.

With the below configuration the request will be sent to elasticsearch instead of the businessobjects pipeline

HTTP Input Pipeline

    input {
  http {
    port => 8080
  }
}

output {
  if [log][message] =~ ".*BO.*" {
    pipeline {
      send_to => "businessobjects"
    }
  }
  else {
    elasticsearch {
   ....
   }
  }
  stdout { codec => rubydebug }
}

JSON Body of Request

    {
   "log.message":"BO Data is published",
}

I hope anyone can help!
Thank you
Darlin

Badger · November 5, 2020, 3:13pm

That would be [log.message]

[log][message] would be used if the JSON were

{ "log": { "message": "BO Data is published" } }

darlin · November 6, 2020, 11:50am

Thank you! Now it's working!

system · December 4, 2020, 11:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Conditional is not working to find nested JSON field Logstash	2	688	August 12, 2019
Logstash conditional for nested field Logstash	3	3613	June 8, 2018
Nested Field Different Data Types Logstash	3	295	June 8, 2018
Checking if an nested field which is an array contains a value Logstash	2	8540	July 6, 2017
Logstatsh Conditional Filter is not working Logstash elastic-stack-monitoring	3	300	April 19, 2022

Conditionals with nested fields in logstash not working

Related topics