If Else condition based on input log lines in logstash

mangeshmj1992 · June 29, 2021, 4:41pm

Hi @sudo-ranjith ,
You can use below code:

In first if condition you can use unique word which is present in all log line1 but not in log line2.

for else if condition you can use unique word which is present in all log line2 but not in log line1.

if "Application" in [message]  {
        drop { }
}
else if "Workflows" in [message]{
grok{
	match => { "message" => "%{WORD:Severity}","%{DATA:ThreadID}","%{DATA:date}","%{DATA:time}",,"%{GREEDYDATA:message}" }
}
}

Topic		Replies	Views
Logstash conf file if else condition is not working Logstash	3	436	April 8, 2019
Conditional IF in logstash's filter Logstash	3	39524	June 14, 2017
Logs are not passing into the if and else if condition Logstash	3	300	August 4, 2019
Can I filter logs with if else condition? Logstash	2	1466	August 29, 2020
If/Else not working as expected in filter Logstash	3	23368	May 14, 2018

If Else condition based on input log lines in logstash

Related topics