Filebeat/Logstash Log_Type issue

userR · August 27, 2020, 1:55am

Hi, my current Filebeat configuration is below:

- type: log
  enabled: true
  paths:
    - /DATAPATH/log*
  fields: {log_type: JLogs}
  multiline.pattern: *pattern*
  multiline.negate: true
  multiline.match: after

My logstash filter is below. If I take out the if statement, my configuration works perfectly fine. However if I add the if statement (Only adding it because I am in the process of adding different paths in filebeat with different log_types), the log does not go through the filter:

filter {
if [fields][log_type] == "JLogs" {
//config
}

Also, one more follow up. How would I parse date like this: Aug 24 03:32:21 in filebeat?

system · September 24, 2020, 3:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Conditional filtering not working in logstash Logstash	13	5505	March 6, 2019
Filtering on beats fields issue Logstash	7	2211	September 5, 2017
Logstash drop data Logstash	1	390	January 14, 2019
"document_type" on filebeat & "if" and "type" on logstash are not working Logstash	3	4172	April 12, 2017
Parsing different dates from XML & Logs in one Date filed Logstash	7	953	August 8, 2018

Filebeat/Logstash Log_Type issue

Related topics