If condition in logstash filter

ashok9177 · November 19, 2018, 1:45pm

I have written if the condition for grok filter

filter {
if "id4444" in [fields][component] {
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} (\[%{WORD:loglevel}\]) %{DATA} - %{DATA:method} processing time for transactionId : %{S3_REQUEST_LINE:transactionid} documentType : %{WORD:document type} is %{INT:duration:int}" }

  match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} (\[%{WORD:loglevel}\]) %{DATA} - %{DATA:method} processing time for transactionId : %{S3_REQUEST_LINE:transactionid} documentType : %{WORD:document type} merchant : %{HOSTNAME:merchant} is %{INT:duration:int}" }


 match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} \[%{WORD:loglevel}\] %{GREEDYDATA}" }
  }
}
else if "idt.512" or "idt.256"  in [fields][component] {
 grok {

    match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{NUMBER} (\[%{WORD:loglevel}\])" ]
}
}
else if "id2fa"  in [fields][component] {
 grok {

    match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{NUMBER} (\[%{WORD:loglevel}\])" ]
}
}

grok {

    match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:loglevel}" ]
}

if condition is working but again all fields applying the last filter also, how exclude las grok filter to above fields ?

system · December 17, 2018, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need Help on Logstash filter If-Else Condition Logstash	1	250	July 28, 2020
Logstash conf file if else condition is not working Logstash	3	403	April 8, 2019
Logstash filter fields in if conditions Logstash	5	19288	August 25, 2020
Date filter does not work Logstash	4	360	May 1, 2021
If Else in logstash filter Logstash	7	1713	November 3, 2020

If condition in logstash filter

Related Topics