How can I query on the message for a particular string and then add a new field in the output?
I tried the below, but it seems like the message as a field doesn't work ... it must be the wrong way I am using the syntax ... help please.
input {
  file {
    path => "/Users/ankitpradhan/Downloads/logs/checking3"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => [ "message", "[%{DATESTAMP} %{WORD:timezone}] %{WORD:componentID} %{WORD:componentName} %{WORD} %{GREEDYDATA:eventDescription}"]
    add_field => [ "componentStatusDateChangeTime", "%{eventTime} %{timezone}" ]
  }
  if [%{eventDescription}] =~ "error" {
    add_field => ["componentStatus", "ERROR"]
  } else if [%{eventDescription}] =~ "warn" {
    add_field => ["componentStatus", "WARNING"]
  }
}
output {
  stdout { codec => rubydebug }
  #if "_grokparsefailure" not in [tags] {
  #  elasticsearch { }
  #}
}
if [eventDescription] =~ /error/ {
...
}
Thanks much ...
One more question ... do you know how I can read multi lines as one line in Logstash ...
Input is like this:
[7/2/14 9:25:51:070 CEST] 00000061 OgnlValueStac W com.opensymphony.xwork2.util.logging.commons.CommonsLogger warn Error setting value
ognl.NoSuchPropertyException: nl.ing.eom.poi.dto.WorkItemReq.sortCode
at ognl.ObjectPropertyAccessor.setProperty(ObjectPropertyAccessor.java:132)
at com.opensymphony.xwork2.ognl.accessor.ObjectAccessor.setProperty(ObjectAccessor.java:28)
at ognl.OgnlRuntime.setProperty(OgnlRuntime.java:1656)
at ognl.ASTProperty.setValueBody(ASTProperty.java:101)
[7/2/14 9:25:54:651 CEST] 00000061 TextProviderH W com.opensymphony.xwork2.util.logging.commons.CommonsLogger warn The first TextProvider in the ValueStack (nl.ing.eom.poi.action.InquireFileAction) could not locate the message resource with key ''
And I want to have the above as two messages only and not as many lines as it appears.
multiline codec should do it ...
Yes, or the multiline filter.
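
The two answers above combined into one pipeline, as an added example that is not part of the original thread: the multiline codec folds continuation lines (the stack trace) into the preceding event, and the conditionals use the `[field]` reference syntax from the reply. The escaped brackets in the grok pattern, the `eventTime` capture name and the `mutate` wrapper around `add_field` are assumptions about what the poster's config needs; the path and field names are the poster's.

```logstash
input {
  file {
    path => "/Users/ankitpradhan/Downloads/logs/checking3"
    start_position => "beginning"
    # Any line that does NOT start with "[" is appended to the previous
    # event, so a stack trace stays attached to the log line that raised it.
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
    }
  }
}
filter {
  grok {
    # Literal brackets are escaped; unescaped they form a regex character class.
    # eventTime is captured here (assumed name) so it can be referenced later.
    match => { "message" => "\[%{DATESTAMP:eventTime} %{WORD:timezone}\] %{WORD:componentID} %{WORD:componentName} %{WORD} %{GREEDYDATA:eventDescription}" }
    add_field => { "componentStatusDateChangeTime" => "%{eventTime} %{timezone}" }
  }
  # Field references in conditionals are written [field], not [%{field}].
  # add_field is a plugin option, so it has to sit inside a filter such as mutate.
  # The regex match is case-sensitive: "Error" does not match /error/.
  if [eventDescription] =~ /error/ {
    mutate { add_field => { "componentStatus" => "ERROR" } }
  } else if [eventDescription] =~ /warn/ {
    mutate { add_field => { "componentStatus" => "WARNING" } }
  }
}
output {
  stdout { codec => rubydebug }
}
```

With the sample input from the thread this yields two events; the first carries the `ognl.NoSuchPropertyException` trace inside its `message` field and gets `componentStatus` set to `WARNING`.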