IF ELSE in Logstash INPUT

froto · February 15, 2017, 6:58am

Hey there,

at the moment many different systems were sending logs on port 514

Does anyone know if it is possible to declare different type direktly in the input section?

Something like:

input {
udp {
port => "514"
if [grok{ patterns_dir => [ "/opt/logstash/patterns" ]
match => [
"message", "%{SYSLOG5424PRI}%{NUMBER}: %{CISCOTIMESTAMP}%{CISCOTIMEZONE}]
}]
{
type => "cisco"
}
}

magnusbaeck · February 15, 2017, 7:02am

No, but you can change the type in the filter section.

system · March 15, 2017, 7:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configuration with multiple types Logstash	2	775	March 14, 2018
So..what do I use with 2.0 now that "type" is gone? Logstash	5	666	July 6, 2017
What is the purpose of type field in Input section Logstash	18	8901	July 6, 2017
Separate device in logstash based on the destination port Logstash	1	223	July 25, 2022
Manage different type of logs with logstash Logstash	5	310	October 26, 2020

IF ELSE in Logstash INPUT

Related topics