Create event on change of field

Hi All

I need some help getting started in the right direction with a logstash configuration please:

We have log events coming into logstash right now. From each of the events we currently parse the name of a computer and the name of the WiFi access point that the computer is connected to.

What we need to do is compare the wifi access point for a computer each time a log event comes into logstash and create an ES event only when the new wifi access point is different to the last wifi access point (EG the computer has moved access points)

Can someone point me in the right direction please?

Take a look at the second configuration in this post.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.