IF ELSE in Logstash INPUT

froto · February 15, 2017, 6:58am

Hey there,

at the moment many different systems were sending logs on port 514

Does anyone know if it is possible to declare different type direktly in the input section?

Something like:

input {
udp {
port => "514"
if [grok{ patterns_dir => [ "/opt/logstash/patterns" ]
match => [
"message", "%{SYSLOG5424PRI}%{NUMBER}: %{CISCOTIMESTAMP}%{CISCOTIMEZONE}]
}]
{
type => "cisco"
}
}

magnusbaeck · February 15, 2017, 7:02am

No, but you can change the type in the filter section.

system · March 15, 2017, 7:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.