Hi, my current Filebeat configuration is below:
- type: log enabled: true paths: - /DATAPATH/log* fields: {log_type: JLogs} multiline.pattern: *pattern* multiline.negate: true multiline.match: after
My logstash filter is below. If I take out the if statement, my configuration works perfectly fine. However if I add the if statement (Only adding it because I am in the process of adding different paths in filebeat with different log_types), the log does not go through the filter:
filter {
if [fields][log_type] == "JLogs" {
//config
}
Also, one more follow up. How would I parse date like this: Aug 24 03:32:21 in filebeat?