How to check column quantity in a filter?

DanV · April 4, 2018, 2:22pm

Hello,

I'm receiving logs from a firewall and i want to sort the different types of logs based on the quantity of columns (columns created using cvs with autogenerate on) they have, instead of doing it based on the column values. Something like:

                          if number_of_columns == 30:
                                                do this because it's the type of log that has 30 columns

Is there some kind of way to do this?

Thanks!

Jenni · April 4, 2018, 2:55pm

Is this what you want?

ruby {
    code => "event.set('[@metadata][colcount]',event.to_hash.length)"
 }

DanV · April 5, 2018, 12:58pm

Yes, thank you very much!

system · May 3, 2018, 12:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash csv - Filters only rows with specific column count Logstash	2	950	January 30, 2020
Using Ruby to count the number of fields in a message, then apply CSV depending on the count? Logstash	2	2284	May 20, 2019
Dealing with multiple number of values from the same input - Logstash Logstash	5	441	April 1, 2021
Logstash can't recognize csv columns Logstash	6	716	September 20, 2019
How do I conditionally parse a CSV into different columns? Logstash	2	247	August 13, 2021

How to check column quantity in a filter?

Related topics