Grok, If condition in elasticsearch section

igemon · July 23, 2018, 1:23pm

Hello guys!

I'm trying to use if condition in the elasticsearch section.
I want to write to different indexes depending on ip. what's wrong?

elasticsearch{
if [node_ip] == "10.6.108.100" or "10.6.108.101"
{ 
index => "node1-%{+YYYY.MM.dd}"
hosts = > ["elasticsearchhost:9200"]
}
else if [node_ip] == "10.6.108.102" or "10.6.108.103"
{ 
index => "node2-%{+YYYY.MM.dd}"
hosts = > ["elasticsearchhost:9200"]
}}

Christian_Dahlqvist · July 23, 2018, 1:29pm

You can not use conditionals within a plugin. Instead create multiple elasticsearch plugins with the correct config within conditionals.

Another option is to set a field that holds the prefix based on the conditionals and then use this in the index name specification within a single Elasticsearch output plugin.

dadoonet · July 23, 2018, 1:35pm

Question moved to #logstash

system · August 20, 2018, 1:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using different Index names in Output logstash Logstash	5	433	June 16, 2021
Grok expression with if for Elasticseach Elasticsearch	8	531	March 16, 2020
An index per host Logstash	3	762	December 8, 2018
If conditional statement field source Logstash	2	1849	July 26, 2017
Is it possible to use if else conditional within elastic serach output plugin? Logstash	4	1906	November 20, 2018

Grok, If condition in elasticsearch section

Related topics