Hi All,
how we can use if command in grok
some logs contain tag method
ex : "method" => "get" // I am able to parse the log
I want to add another field , if I am getting the log which is having tag called method
I was doing like but I am not able to do it , any idea where I am doing wrong
filter{
grok {
patterns_dir => "D:/log_file/patterns"
match => [ "message", "%{MASTER_LOG}" ]
}
if[ "method" in [tags]]
{
add_field => ["newtag", "manualtag"]
}
}
This isn't a grok question, it's a general filter question. This is probably what you're looking for:
filter {
...
if "method" in [tags] {
mutate {
add_tag => ["newtag", "manualtag"]
}
}
}@magnusbaeck Thank you 
Working fine ..
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.