Field value filter

shaharz · August 3, 2017, 11:27am

Hello,

i would like to know how can i do a field value filter? for example to do drop event by field value or length of a value, and how can i do a where in filter, for example. "field value" not in [1,2,3] etc.

thanks.

josephjohney · August 3, 2017, 11:33am

You could define the Grok pattern with conditional fields.

IF the pattern matches x - set the value to the a 'xstring'
else you could set value to 'anotherstring'

Example
%{patternforx:xstring}| %{WORD:ystring}

magnusbaeck · August 3, 2017, 11:39am

Have you read the documentation about conditionals?

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#conditionals

shaharz · August 4, 2017, 2:04pm

thank you

shaharz · August 4, 2017, 2:05pm

now yes :). thanks !

shaharz · August 4, 2017, 2:19pm

tell me, didnt see how i can get the length of a field value?

magnusbaeck · August 4, 2017, 2:20pm

I think you need to use a ruby filter to check the field value length.

system · September 1, 2017, 2:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash conditional test for value in a field Logstash	2	372	November 10, 2020
Field based filter Logstash	5	495	June 26, 2019
Need to split a field and use part of it in conditionals Logstash	4	454	November 3, 2017
How to use conditional statement in Filter Logstash	5	2077	July 6, 2017
How can I check event.field value from a file? Logstash	5	538	April 13, 2021

Field value filter

Related topics