I want to put my grok inside if else block of logstash I want the fields to be displayed in kibana it's executing but not displaying the actual fields

sudhir_singh · May 17, 2023, 8:48am

filter {
  if [IgmpSnooping] == "%IGMPSNOOPING-6-NO_IGMP_QUERIER" {
    grok { match => { "message" => "<%{INT:priority:int}>%{SYSLOGTIMESTAMP:timestamp}\s+%{HOSTNAME:device_name}\s+\IgmpSnooping:\s+%{DATA:IgmpSnooping}\:%{GREEDYDATA:message}" } }
  }
  else if [program] == "ConfigAgent" {
    grok { match => { "message" => "<%{POSINT:priority:int}>%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:device_name} %{WORD:program}: %{DATA:message} sourceIP : \(%{IP:source_ip}\)" } }
  }
  
}

system · June 14, 2023, 8:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.