# send data to elasticsearch
output.elasticsearch:
hosts: ["http://172.17.91.21:9200"]
index: "logs-%{[beat.version]}-%{+yyyy.MM.dd}"
indices:
- index: "ftjf-test-jar_logs-${ES_DATE}-info"
#when.equals:
#fields.type: "jar"
when.contains:
message: "INFO"
Whether an index can use two or more when conditions at the same time, how to write the statement?
Conditions support using and and or. https://www.elastic.co/guide/en/beats/filebeat/master/defining-processors.html#condition-or
output.elasticsearch:
hosts: ["http://172.17.91.21:9200"]
index: "logs-%{[beat.version]}-%{+yyyy.MM.dd}"
indices:
- index: "ftjf-test-jar_logs-${ES_DATE}-info"
when:
and:
- equals:
fields.type: "jar"
- contains:
message: "INFO"
Thank you very much!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.