How to check if there is some specific field under fields

elasticheart · November 16, 2016, 5:35am

Hi,

I have a kafka input and sample data is something like;

{
  "@timestamp": "2016-11-16T05:26:16.137Z",
  "beat": {
    "hostname": "localhost",
    "name": "server",
    "version": "5.0.0"
  },
  "fields": {
    "logtype": "mylogs"
  },

I want to apply grok if mylogs, and I tried;

if[fields.logtype] == "mylogs"{
	grok {
	#do something
	}
}

But this is not working. What is the correct syntax for doing this? I mean, I want to apply grok if the field logtype under fields has value mylogs

Thanks.

elasticheart · November 16, 2016, 5:55am

solved it using [fields][logtype]

system · December 14, 2016, 5:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.