Hie ,
Im trying to check a condition for nested json fields and if the condition is met I want to drop the entire data , but it is not working
Source:
"Data" => [
[0] {
"Scales" => [
[0] {
"TaskInfos" => [
[0] {
"Text1" => "",
"Text2" => ""
}
],
"HasErrorState" => true
}
]
}
]
Logstash script:
filter{
if [type] == "digital"
{
if [Data][Scales][HasErrorState] == "true"
{
mutate {
remove_field => ["Data"]
}
}
}
}
Can you please help me with the solution
TIA
Anusha
The first two fields are arrays. Try [Data][0][Scales][0][HasErrorState]
Yes that in deed works , but how can we do it with more entries than one ? dynamically
Write a ruby filter that iterates over the arrays.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.