Filebeat output two conditions

wuwenjie_cn · June 8, 2018, 10:22am

# send data to elasticsearch
output.elasticsearch:
  hosts: ["http://172.17.91.21:9200"]
  index: "logs-%{[beat.version]}-%{+yyyy.MM.dd}"
  indices:
    - index: "ftjf-test-jar_logs-${ES_DATE}-info"
      #when.equals:
        #fields.type: "jar"
      when.contains:
          message: "INFO"

Whether an index can use two or more when conditions at the same time, how to write the statement?

andrewkroh · June 8, 2018, 1:33pm

Conditions support using and and or. https://www.elastic.co/guide/en/beats/filebeat/master/defining-processors.html#condition-or

output.elasticsearch:
  hosts: ["http://172.17.91.21:9200"]
  index: "logs-%{[beat.version]}-%{+yyyy.MM.dd}"
  indices:
    - index: "ftjf-test-jar_logs-${ES_DATE}-info"
      when:
        and:
        - equals:
            fields.type: "jar"
        - contains:
            message: "INFO"

wuwenjie_cn · June 11, 2018, 2:03am

Thank you very much!

Topic		Replies	Views
If/Else condition for Output to Elasticsearch Beats docker , filebeat	4	3259	July 12, 2021
Separate ELK pattern for log files Elasticsearch	5	215	August 29, 2023
Sending output to different indices depending on conditions Beats filebeat	1	165	October 18, 2023
Logstash on kubernetes. Multiple output conditions Logstash	5	770	November 22, 2019
Set indices based on a field value Beats filebeat	5	3709	January 18, 2017

Filebeat output two conditions

Related topics