How to remove/drop entire logs after checking a condition in nested json fields

Anusha_Kusanghi · July 11, 2022, 1:04pm

Hie ,

Im trying to check a condition for nested json fields and if the condition is met I want to drop the entire data , but it is not working

Source:

"Data" => [
[0] {
"Scales" => [
[0] {
"TaskInfos" => [
[0] {
"Text1" => "",
"Text2" => ""
}
],
"HasErrorState" => true
}
]
}
]

Logstash script:
filter{
if [type] == "digital"
{
if [Data][Scales][HasErrorState] == "true"
{
mutate {
remove_field => ["Data"]
}

}
}
}

Can you please help me with the solution

TIA
Anusha

Badger · July 11, 2022, 2:07pm

The first two fields are arrays. Try [Data][0][Scales][0][HasErrorState]

Anusha_Kusanghi · July 12, 2022, 10:38am

Yes that in deed works , but how can we do it with more entries than one ? dynamically

Badger · July 12, 2022, 1:43pm

Write a ruby filter that iterates over the arrays.

system · August 9, 2022, 1:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Remove json object from nested log Logstash	1	449	March 14, 2023
Ruby filter to check fields dynamically Logstash	10	962	October 4, 2022
Logstash configuration \| Elimination of if loops in checking values at nested JSON keys Logstash	4	454	March 24, 2021
Remove dynamic nested field in JSON Logstash	2	654	November 9, 2018
How to remove fields with regex from json? Logstash	6	2616	January 16, 2018