input
input {
beats {
port => 5044
}
}
Filter
csv{
separator => ","
columns => ["DateTime" ,"hname" ,"uname" ,"cwd","fname","line"]
}
Output
if [line] in ["Delhi" , "Mumbai", "Chennai", "Kolkata" , "Hydrabad" ,"Pune"]{
email{
}
}
the problem i m facing is that the line tag may contain this
if first case found it trigger mail
in second case it do nothing
please help me i stuck here from very long time
Please show
stdout { codec => rubydebug } output).my input lines form file is this
2018-04-17T18:40:17+0530,ip-10-0-1-14,root,loyal,quotes.txt,Delhi
2018-04-17T18:40:17+0530,ip-10-0-1-14,root,honest,quotes.txt,Delhi 06
2018-04-17T18:40:17+0530,ip-10-0-1-14,root,satisfied,quotes.txt,Delhi 53
2018-04-17T18:40:17+0530,ip-10-0-1-14,root,confident,quotes.txt,Mumbai 02
2018-04-17T18:40:17+0530,ip-10-0-1-14,root,success,quotes.txt,Mumbai
my out put is in
stdout { codec => rubydebug }
{
"fname" => "quotes.txt",
"uname" => "root",
"cwd" => "confident",
"hname" => "ip-10-0-1-14",
"DateTime" => "2018-04-17T18:40:17+0530",
"@timestamp" => 2018-05-08T12:42:45.956Z,
"@version" => "1",
"host" => "Latitude-3460",
"message" => "2018-04-17T18:40:17+0530,ip-10-0-1-14,root,confident,quotes.txt,Mumbai 02",
"path" => "/home/root3460/input1",
"line" => "Mumbai 02"
}
{
"fname" => "quotes.txt",
"uname" => "root",
"cwd" => "satisfied",
"hname" => "ip-10-0-1-14",
"DateTime" => "2018-04-17T18:40:17+0530",
"@timestamp" => 2018-05-08T12:42:45.955Z,
"@version" => "1",
"host" => "Latitude-3460",
"message" => "2018-04-17T18:40:17+0530,ip-10-0-1-14,root,satisfied,quotes.txt,Delhi 53",
"path" => "/home/root3460/input1",
"line" => "Delhi 53"
}
{
"fname" => "quotes.txt",
"uname" => "root",
"cwd" => "confident",
"hname" => "ip-10-0-1-14",
"DateTime" => "2018-04-17T18:40:17+0530",
"@timestamp" => 2018-05-08T12:42:45.956Z,
"@version" => "1",
"host" => "Latitude-3460",
"message" => "2018-04-17T18:40:17+0530,ip-10-0-1-14,root,confident,quotes.txt,Mumbai 02",
"path" => "/home/root3460/input1",
"line" => "Mumbai 02"
}
{
"fname" => "quotes.txt",
"uname" => "root",
"cwd" => "satisfied",
"hname" => "ip-10-0-1-14",
"DateTime" => "2018-04-17T18:40:17+0530",
"@timestamp" => 2018-05-08T12:42:45.955Z,
"@version" => "1",
"host" => "Latitude-3460",
"message" => "2018-04-17T18:40:17+0530,ip-10-0-1-14,root,satisfied,quotes.txt,Delhi 53",
"path" => "/home/root3460/input1",
"line" => "Delhi 53"
}
{
"fname" => "quotes.txt",
"uname" => "root",
"cwd" => "loyal",
"hname" => "ip-10-0-1-14",
"DateTime" => "2018-04-17T18:40:17+0530",
"@timestamp" => 2018-05-08T12:42:45.945Z,
"@version" => "1",
"host" => "Latitude-3460",
"message" => "2018-04-17T18:40:17+0530,ip-10-0-1-14,root,loyal,quotes.txt,Delhi",
"path" => "/home/root3460/input1",
"line" => "Delhi"
}
{
"fname" => "quotes.txt",
"uname" => "root",
"cwd" => "honest",
"hname" => "ip-10-0-1-14",
"DateTime" => "2018-04-17T18:40:17+0530",
"@timestamp" => 2018-05-08T12:42:45.955Z,
"@version" => "1",
"host" => "Latitude-3460",
"message" => "2018-04-17T18:40:17+0530,ip-10-0-1-14,root,honest,quotes.txt,Delhi 06",
"path" => "/home/root3460/input1",
"line" => "Delhi 06"
}
{
"fname" => "quotes.txt",
"uname" => "root",
"cwd" => "success",
"hname" => "ip-10-0-1-14",
"DateTime" => "2018-04-17T18:40:17+0530",
"@timestamp" => 2018-05-08T12:42:45.956Z,
"@version" => "1",
"host" => "Latitude-3460",
"message" => "2018-04-17T18:40:17+0530,ip-10-0-1-14,root,success,quotes.txt,Mumbai",
"path" => "/home/root3460/input1",
"line" => "Mumbai"
}
{
"fname" => "quotes.txt",
"uname" => "root",
"cwd" => "loyal",
"hname" => "ip-10-0-1-14",
"DateTime" => "2018-04-17T18:40:17+0530",
"@timestamp" => 2018-05-08T12:42:45.945Z,
"@version" => "1",
"host" => "Latitude-3460",
"message" => "2018-04-17T18:40:17+0530,ip-10-0-1-14,root,loyal,quotes.txt,Delhi",
"path" => "/home/root3460/input1",
"line" => "Delhi"
}
{
"fname" => "quotes.txt",
"uname" => "root",
"cwd" => "honest",
"hname" => "ip-10-0-1-14",
"DateTime" => "2018-04-17T18:40:17+0530",
"@timestamp" => 2018-05-08T12:42:45.955Z,
"@version" => "1",
"host" => "Latitude-3460",
"message" => "2018-04-17T18:40:17+0530,ip-10-0-1-14,root,honest,quotes.txt,Delhi 06",
"path" => "/home/root3460/input1",
"line" => "Delhi 06"
}
{
"fname" => "quotes.txt",
"uname" => "root",
"cwd" => "success",
"hname" => "ip-10-0-1-14",
"DateTime" => "2018-04-17T18:40:17+0530",
"@timestamp" => 2018-05-08T12:42:45.956Z,
"@version" => "1",
"host" => "Latitude-3460",
"message" => "2018-04-17T18:40:17+0530,ip-10-0-1-14,root,success,quotes.txt,Mumbai",
"path" => "/home/root3460/input1",
"line" => "Mumbai"
}
Okay, and where are the "Delhi OR Mumbai" entries you had issues with?
Delhi OR Mumbai is not coming together
issue is when Delhi comes with some number or character like
Delhi 06 or Delhi 53 or Mumbai 02
mention in above input line
it is consider as FALSE
mean not going for email
but if only Delhi or Mumbai comes alone then mail trigger
Delhi OR Mumbai is not coming together
issue is when Delhi comes with some number or character like
Delhi 06 or Delhi 53 or Mumbai 02
mention in above input line
Okay. Then I understand what you mean, but your first post still doesn't make any sense.
it is consider as FALSE
mean not going for email
but if only Delhi or Mumbai comes alone then mail trigger
You can e.g. use a mutate filter's gsub option to delete the trailing digits from the field and use that field in your comparison. If you don't want to touch the original field you can first copy the line field into a temporary field and remove the digits from there.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.