If(filter,output) Else(filter,output)

aannee · March 12, 2021, 2:06pm

Hi Elastic Team,

Is this possible in logstash?

input {
}
if "test" in [mesasge] 
{
      filter {}
      output {}
}
else {
     filter {}
     output {}
}

Thank you!

elasticforme · March 12, 2021, 2:58pm

no but you can do something like this

filter {
    if "test" in [message] {
           do stuff
    }
    else {
            do stuff
     }
}

aannee · March 12, 2021, 3:15pm

Thanks for answering! Just needed to ingest same data but different output.

For example. i have this fields.
name
age
bdate

I will ingest name and age only in elasticsearch. But on output file, I will ingest name, age and bdate.

Will this be possible?

elasticforme · March 12, 2021, 3:25pm

yes possible. but in first post you ask something different. in your latest post you ask something different. you have to use some logic for that

here is answer to first one

filter {
    if "test" in [message] {
           do stuff
           mutate => { add_field => { "output1" => "to elk" }
           
    }
    else {
            do stuff
           mutate => { add_field => { "output2" => "to text" }
     }
}

output {
   if [output1] {
            send output to elk
   }
   if [output2] {
           send output to somewhere else
    }
}

for second one. basically you are reading name,age,bday but you want only name,age on elk and name,age,bday on text file.

hmm.

system · April 9, 2021, 3:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Clarification on if/else behavior in output Logstash	3	379	October 21, 2019
How to use if else statments in logstash output pipline? Logstash	9	35869	March 9, 2018
Filter if condition in Logstash Logstash	8	19412	July 24, 2019
How to use if else in logstash output Logstash	7	759	January 15, 2021
If else condition with logstash filter Elasticsearch	4	1132	March 7, 2021

If(filter,output) Else(filter,output)

Related topics