Filebeat output two conditions

wuwenjie_cn · June 8, 2018, 10:22am

# send data to elasticsearch
output.elasticsearch:
  hosts: ["http://172.17.91.21:9200"]
  index: "logs-%{[beat.version]}-%{+yyyy.MM.dd}"
  indices:
    - index: "ftjf-test-jar_logs-${ES_DATE}-info"
      #when.equals:
        #fields.type: "jar"
      when.contains:
          message: "INFO"

Whether an index can use two or more when conditions at the same time, how to write the statement?

andrewkroh · June 8, 2018, 1:33pm

Conditions support using and and or. https://www.elastic.co/guide/en/beats/filebeat/master/defining-processors.html#condition-or

output.elasticsearch:
  hosts: ["http://172.17.91.21:9200"]
  index: "logs-%{[beat.version]}-%{+yyyy.MM.dd}"
  indices:
    - index: "ftjf-test-jar_logs-${ES_DATE}-info"
      when:
        and:
        - equals:
            fields.type: "jar"
        - contains:
            message: "INFO"

wuwenjie_cn · June 11, 2018, 2:03am

Thank you very much!

system · July 9, 2018, 2:03am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
If/Else condition for Output to Elasticsearch Beats docker , filebeat	4	2899	July 12, 2021
Sending output to different indices depending on conditions Beats filebeat	1	134	October 18, 2023
Index and template conditions Beats filebeat	1	197	December 20, 2023
Conditions are not working properly. Seems to match documentation Beats filebeat	10	342	May 20, 2021
Contains condition on multiple index - Filebeat Beats	3	494	April 5, 2021

Filebeat output two conditions

Related Topics