Drop ingest pipeline for one host

I am running 7.17 ELS and trying to drop all docs which come from one specific host.

    "drop": {
      "if" : ("agent.name" == 'ABC')
    },

I have added this as a drop processor in the ingest pipeline, however it keeps on complaining about a compile error and won't allow me to save it.

Any idea what may be wrong? I have gone through the internet for similar errors, however I don't seem to find the root cause.

Ref: Elasticsearch ingest pipeline drop processor no worky :(

Hi @Atul_Chadha

Did you look at the docs here? You have bad syntax. Note the outer double quotes and the inner single quotes. Also, you need to use the context ctx. You should also read about null type safety and conditionals here.

There's an excellent example, much like yours.

PUT _ingest/pipeline/my-pipeline
{
  "processors": [
    {
      "drop": {
        "description": "Drop documents with 'network.name' of 'Guest'",
        "if": "ctx?.network?.name == 'Guest'"
      }
    }
  ]
}
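
The same fix applied to the `agent.name` condition from the question, as an added example that is not part of the original posts. It uses the simulate API so the condition can be checked before the pipeline is saved; the three sample documents and the host name `XYZ` are constructed for illustration.

```console
# Added example: test the corrected drop condition without indexing anything.
# The whole condition is one double-quoted Painless string, the literal inside
# it is single-quoted, and fields are read through ctx with null-safe ?. access.
POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "processors": [
      {
        "drop": {
          "description": "Drop documents with 'agent.name' of 'ABC'",
          "if": "ctx?.agent?.name == 'ABC'"
        }
      }
    ]
  },
  "docs": [
    {
      "_source": {
        "agent": { "name": "ABC" },
        "message": "constructed sample: should be dropped"
      }
    },
    {
      "_source": {
        "agent": { "name": "XYZ" },
        "message": "constructed sample: different host, should be kept"
      }
    },
    {
      "_source": {
        "message": "constructed sample: no agent object, should be kept"
      }
    }
  ]
}
```

Only the first document matches and is dropped. The third document has no `agent` object, so `ctx?.agent?.name` evaluates to null and the comparison is false; without the `?.` operators that document would fail the condition with a null pointer error instead of passing through.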

Thank you! It was indeed a syntax error.
