If statement within logstash

Hi all,
I am trying to create an if-statement within my logstash filter. I follow the documentation on https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html
But somehow I am unable to get this working. What I am trying to do is the following:
If field x has value a then add_field y with value b else add_field y with value c
Can someone please help me? Thank you.

If you have a problem with the if-else syntax, then try the following code inside your filter plugin:

if [x] == "a" {
	mutate {
		add_field => {"y" => "b"}
	}
}
else {
	mutate {
		add_field => {"y" => "c"}
	}
}

Thank you chitreshg. That almost did the trick. I have a solution which works fine now. I want to share it with the community:
Right now I do the following: first add_field y with value a. After that comes the if statement, which looks like

mutate {
	add_field => {"y" => "a"}
}
if [field_x] == "h" {
	mutate {
		update => {"y" => "b"}
	}
}
else {
	mutate {
		update => {"y" => "c"}
	}
}

If you already have some value in a field, then adding a new value appends it and creates an array, so you can use update or replace.
In my case I suggested adding a new value to a new field; anyhow, both will work.
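
The difference between add_field, update and replace discussed in this thread, as an added example pipeline that is not part of the original posts. The field names (x, via_add_field, via_update, via_replace, not_yet_set_1, not_yet_set_2), the file name and the generator sample lines are constructed for illustration.

```logstash
# Added example, not from the thread.
# Run with: bin/logstash -f if-example.conf   (file name is hypothetical)
input {
  generator {
    lines => ["a", "something-else"]   # constructed sample events
    count => 1                          # emit each line once, then stop
  }
}

filter {
  # Assumption for the demo: field x is a copy of the generated message.
  mutate { add_field => { "x" => "%{message}" } }

  # Seed three fields with the same default so the options can be compared.
  mutate {
    add_field => {
      "via_add_field" => "default"
      "via_update"    => "default"
      "via_replace"   => "default"
    }
  }

  if [x] == "a" {
    # add_field on a field that already exists appends the new value,
    # so the field turns into an array holding both values.
    mutate { add_field => { "via_add_field" => "b" } }
    # update and replace both overwrite the existing value.
    mutate { update  => { "via_update"  => "b" } }
    mutate { replace => { "via_replace" => "b" } }
  } else {
    mutate {
      # update only touches fields that exist: this one is never created.
      update  => { "not_yet_set_1" => "c" }
      # replace creates the field when it is missing.
      replace => { "not_yet_set_2" => "c" }
    }
  }
}

output {
  stdout { codec => rubydebug }   # print each event so the fields can be inspected
}
```

When downstream rules or dashboards expect a single string in a field, prefer replace (or update when the field is guaranteed to exist) over a second add_field, since an unexpected array changes how the field matches.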
