If(filter,output) Else(filter,output)

aannee · March 12, 2021, 2:06pm

Hi Elastic Team,

Is this possible in logstash?

input {
}
if "test" in [mesasge] 
{
      filter {}
      output {}
}
else {
     filter {}
     output {}
}

Thank you!

elasticforme · March 12, 2021, 2:58pm

no but you can do something like this

filter {
    if "test" in [message] {
           do stuff
    }
    else {
            do stuff
     }
}

aannee · March 12, 2021, 3:15pm

Thanks for answering! Just needed to ingest same data but different output.

For example. i have this fields.
name
age
bdate

I will ingest name and age only in elasticsearch. But on output file, I will ingest name, age and bdate.

Will this be possible?

elasticforme · March 12, 2021, 3:25pm

yes possible. but in first post you ask something different. in your latest post you ask something different. you have to use some logic for that

here is answer to first one

filter {
    if "test" in [message] {
           do stuff
           mutate => { add_field => { "output1" => "to elk" }
           
    }
    else {
            do stuff
           mutate => { add_field => { "output2" => "to text" }
     }
}

output {
   if [output1] {
            send output to elk
   }
   if [output2] {
           send output to somewhere else
    }
}

for second one. basically you are reading name,age,bday but you want only name,age on elk and name,age,bday on text file.

hmm.

system · April 9, 2021, 3:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.