Filebeat/Logstash Log_Type issue

userR · August 27, 2020, 1:55am

Hi, my current Filebeat configuration is below:

- type: log
  enabled: true
  paths:
    - /DATAPATH/log*
  fields: {log_type: JLogs}
  multiline.pattern: *pattern*
  multiline.negate: true
  multiline.match: after

My logstash filter is below. If I take out the if statement, my configuration works perfectly fine. However if I add the if statement (Only adding it because I am in the process of adding different paths in filebeat with different log_types), the log does not go through the filter:

filter {
if [fields][log_type] == "JLogs" {
//config
}

Also, one more follow up. How would I parse date like this: Aug 24 03:32:21 in filebeat?

system · September 24, 2020, 3:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to filter Filebeat input in Logstash from different log? Logstash	2	2964	October 12, 2018
Log Filtration Issue with Filebeat and Logstash Configuration Logstash	19	502	September 13, 2023
Ignore_inactive does not work in filebeat with filestream config type Elasticsearch	1	108	January 4, 2024
Problems migrating from filebeat 5 to 7 - not gettings the data/fields we need in logstash Beats filebeat	3	259	September 14, 2023
Filebeat condition Beats filebeat	1	240	May 10, 2022

Filebeat/Logstash Log_Type issue

Related Topics