If condition in logstash filter

ashok9177 · November 19, 2018, 1:45pm

I have written if the condition for grok filter

filter {
if "id4444" in [fields][component] {
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} (\[%{WORD:loglevel}\]) %{DATA} - %{DATA:method} processing time for transactionId : %{S3_REQUEST_LINE:transactionid} documentType : %{WORD:document type} is %{INT:duration:int}" }

  match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} (\[%{WORD:loglevel}\]) %{DATA} - %{DATA:method} processing time for transactionId : %{S3_REQUEST_LINE:transactionid} documentType : %{WORD:document type} merchant : %{HOSTNAME:merchant} is %{INT:duration:int}" }


 match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} \[%{WORD:loglevel}\] %{GREEDYDATA}" }
  }
}
else if "idt.512" or "idt.256"  in [fields][component] {
 grok {

    match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{NUMBER} (\[%{WORD:loglevel}\])" ]
}
}
else if "id2fa"  in [fields][component] {
 grok {

    match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{NUMBER} (\[%{WORD:loglevel}\])" ]
}
}

grok {

    match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} %{WORD:loglevel}" ]
}

if condition is working but again all fields applying the last filter also, how exclude las grok filter to above fields ?

system · December 17, 2018, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok filter not working with if condition Logstash	1	331	December 18, 2018
Need Help on Logstash filter If-Else Condition Logstash	1	251	July 28, 2020
Grok Expression in If condition Filter Logstash	5	8713	July 6, 2017
Logstash filters and booleans Logstash	1	889	July 6, 2017
Grok filter if [type] Logstash	5	6103	January 16, 2017

If condition in logstash filter

Related topics