How to check if there is some specific field under fields

elasticheart · November 16, 2016, 5:35am

Hi,

I have a kafka input and sample data is something like;

{
  "@timestamp": "2016-11-16T05:26:16.137Z",
  "beat": {
    "hostname": "localhost",
    "name": "server",
    "version": "5.0.0"
  },
  "fields": {
    "logtype": "mylogs"
  },

I want to apply grok if mylogs, and I tried;

if[fields.logtype] == "mylogs"{
	grok {
	#do something
	}
}

But this is not working. What is the correct syntax for doing this? I mean, I want to apply grok if the field logtype under fields has value mylogs

Thanks.

elasticheart · November 16, 2016, 5:55am

solved it using [fields][logtype]

system · December 14, 2016, 5:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Check for existence of a field / sub-field Logstash	2	2654	February 8, 2017
Check if a field is a given type in logstash Logstash	1	1147	September 26, 2019
Logstash conditional test for value in a field Logstash	2	372	November 10, 2020
Grok filter on logstash Logstash	5	439	March 30, 2020
Logstash filter fields in if conditions Logstash	5	19449	August 25, 2020

How to check if there is some specific field under fields

Related topics