I want to put my grok inside if else block of logstash I want the fields to be displayed in kibana it's executing but not displaying the actual fields

sudhir_singh · May 17, 2023, 8:48am

filter {
  if [IgmpSnooping] == "%IGMPSNOOPING-6-NO_IGMP_QUERIER" {
    grok { match => { "message" => "<%{INT:priority:int}>%{SYSLOGTIMESTAMP:timestamp}\s+%{HOSTNAME:device_name}\s+\IgmpSnooping:\s+%{DATA:IgmpSnooping}\:%{GREEDYDATA:message}" } }
  }
  else if [program] == "ConfigAgent" {
    grok { match => { "message" => "<%{POSINT:priority:int}>%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:device_name} %{WORD:program}: %{DATA:message} sourceIP : \(%{IP:source_ip}\)" } }
  }
  
}

system · June 14, 2023, 8:49am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash filter fields in if conditions Logstash	5	19288	August 25, 2020
Need Help on Logstash filter If-Else Condition Logstash	1	250	July 28, 2020
Some trouble with if / else in logstash filter block Logstash	3	1063	July 6, 2017
Logstash filter not working Logstash	3	303	December 21, 2018
Logstash conf file if else condition is not working Logstash	3	403	April 8, 2019

I want to put my grok inside if else block of logstash I want the fields to be displayed in kibana it's executing but not displaying the actual fields

Related Topics