{"level":30,"time":1605686969640,"pid":1,"hostname":"ip-100-91-70-500","name":"ZA-dev",
this is my sample logs,
here i am trying to achieve, if level:30 in message it has to create info log-level,
i tired
filter {
if [level] == "30" {
mutate { add_field => [ "log-level", "info" ]
}
}
}
but not getting correct requirement. i am new to elk, can someone please tell me how to achieve this
If the [message] field is valid JSON then you could use a json filter to parse it
json { source => "message" }
You will then have a [level] field that you can test
if [level] == 30
...
1 Like
thanks man, its works.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.