How to use Multiple if statements in filter section of logstash configuration file

Matish_Bhuyan · May 30, 2020, 11:27pm

Hi All

Thanks a lot for your replies and the solution,Based on your solution i have changed my code in the filter section but still no changes are there in my Kibana dashboard.

The strangest part is my first condition always works ,but after that the subsequent filters aren't applicable at all to my ingested data.

And there is neither any syntax nor method error in filter part as my logstash service perfectly able to read the configuration file and able to launch the service.

PFB the updated code by making the changes as suggested above and please point put where am i making any mistake

input {
    http {
      host => "0.0.0.0"
      port => 9090
      threads => 100
    }
  }
  filter {
if [headers][request_method] == "GET" {
  drop{}
} else {
      json {
        source => "message"
    remove_field => [ "headers", "message", "host" ]
      }
      date {
        match => [ "timeStamp", "ISO8601" ]
        target => "timeStamp"
      }
      fingerprint {
        source => [ "origin", "originLogId" ]
    target => "[@metadata][fingerprint]"
        method => "SHA256"
        key => "@AUDITTRAIL-NOSQL@"
        concatenate_sources => true
      }
if [service] == ["F_N_C_R_W_N", "F_N_C_R_N"]
{
   mutate {
    update => { "service" => "F N C" }
    }
}
else if [result] == ["HIT"]
{
   mutate {
    update => { "result" => "Number of  HIT" }
    }
}
else if [result] == ["NO_HIT"]
{
   mutate {
    update => { "result" => "Number of  NO HIT" }
    }
}
else if [result] == ["REQUEST_ACCEPTED"]
{
   mutate {
    update => { "result" => "Identity Accepted" }
    }
}
else if [result] == ["REQUEST_REJECTED"]
{
   mutate {
    update => { "result" => "Identity Rejected" }
    }
}
else if [service] == ["IDENTITY_MERGE"]
{
   mutate {
    update => { "service" => "Identity merged" }
    }
}
else if [AT_VAL1] == ["APPROVED"]
{
   mutate {
    update => { "AT_VAL1" => "Number of approved requests" }
    }
}
else if [AT_VAL1] == ["NOT_APPROVED"]
{
   mutate {
    update => { "AT_VAL1" => "Number of rejected requests" }
    }
}
else if [AT_VAL1] == ["PERSONALISE"]
{
   mutate {
    update => { "AT_VAL1" => "Personalized" }
    }
}
else if [AT_VAL1] == ["DISPATCH"]
{
   mutate {
    update => { "AT_VAL1" => "Dispatched" }
    }
}
else if [AT_VAL1] == ["SECURED"]
{
   mutate {
    update => { "AT_VAL1" => "Issued" }
    }
}
else if [AT_VAL1] == ["REVOCATION"]
{
   mutate {
    update => { "AT_VAL1" => "Terminated" }
    }
}
}
  }

Topic		Replies	Views
How to create a new field combining values of other field values Logstash	37	4205	August 7, 2020
Logstash if condition skipped Logstash	18	693	August 7, 2020
Conditions and filters not applying Logstash	11	2108	September 4, 2018
Logstash pipeline multiple if statements Logstash	2	351	November 12, 2021
Filter if condition in Logstash Logstash	8	19657	July 24, 2019

How to use Multiple if statements in filter section of logstash configuration file

Related topics