Find Out empty field

YASH_SHARMA7766 · August 5, 2021, 6:08pm

I have a data set of 4-5 fields.I want to check if any data field is empty , Iogstash add a field name incomplete data and add value of field name in that.Sample data and code is attached below.

As shown in image,service column has some empty data fields.

Code I am using for this is as follows :


input

{

    file

    {

        path=> "C:/elastic_stack/HPAM/incomplete data/ipdata1.csv"

        start_position => "beginning"

        sincedb_path => "NULL"

    }

}

filter

{

    csv

    {

        separator => ","

        columns => ["IP","Host","Service","Status"]

    }

    

#    if [Service] == " " 

#    {

#        mutate

#        {

#            add_field => { "data_incomplete" => "service" }

#        }

#    }

}

output {

    elasticsearch{

        hosts => "http://localhost:9200/"

        index => "empty"

    }

    stdout{}

}

Badger · August 5, 2021, 6:32pm

That should be "NUL", not "NULL". If you use "NULL" then the in-memory sincedb will be persisted to a file called NULL in whatever the working directory of logstash is.

To test for an empty field you can use

if ! [service] {

YASH_SHARMA7766 · August 5, 2021, 7:09pm

@Badger Thank You for your valuable help and time.It works perfectly.

system · September 2, 2021, 7:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.