Filter the values based on particular string in Logstash

Hi,

We have a field named "AP_NAME". This field's value contains common names like WIRAP and WIRWM, but some additional names are also coming into this field, so I want to put a condition in Logstash to get only these particular WIRAP and WIRWM naming values in the field "AP_NAME".

Regards
Gowtham S

You could try

    if [APP_NAME] not in [ "WIRAP", "WIRWM" ] {
        #mutate { remove_field => [ "APP_NAME" ] }
        mutate { replace => { "APP_NAME" => "-" } }
    }

We need to put # in the second line. Please confirm once.

    if [APP_NAME] not in [ "WIRAP", "WIRWM" ] {
        #mutate { remove_field => [ "APP_NAME" ] }
        mutate { replace => { "APP_NAME" => "-" } }
    }

You need to decide what to do with events where APP_NAME is not one of the values you want to keep.

Do you want to delete the field? In that case uncomment the first mutate and delete the second.

Or do you want a default value? In which case delete the first (commented) mutate, and pick an appropriate default value in the second.

We need only the values which contain WIRAP and WIRWM and don't need the remaining values in the AP_NAME field, so we will go with the one below and remove the values which do not contain WIRAP and WIRWM in the AP_NAME field.

    if [APP_NAME] not in [ "WIRAP", "WIRWM" ] {
        mutate { remove_field => [ "APP_NAME" ] }
    }
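
An added example, not part of the original thread: in a Logstash conditional, `not in [ ... ]` against an array compares whole values, so a field that only contains WIRAP or WIRWM as part of a longer name would be treated as a non-match. The sketch below uses a regular-expression match instead. It assumes the field is named AP_NAME as in the question, and the sample value in the comment is constructed.

```logstash
filter {
  # Assumption: the field is AP_NAME as written in the question;
  # change it if your events actually carry APP_NAME.
  if [AP_NAME] {
    # Substring match: keeps values such as "WIRAP-0123" (constructed sample).
    # Anchor the pattern (/^(WIRAP|WIRWM)/) to require the name as a prefix.
    if [AP_NAME] !~ /WIRAP|WIRWM/ {
      # Remove the field from events whose value matches neither name.
      mutate { remove_field => [ "AP_NAME" ] }
    }
  }
}
```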