Is this still valid syntax for grok filters?

Elastic Stack Logstash
1

I want to make sure I identify the that the logs are coming from nginx before processing this grok filter, is this syntax still valid in version 7x?

filter {
  if [program] == "nginx_access" {
     grok {
         match => { "message" => "%{NGINX_ACCESS}" }
    }
  }
  elseif [program] == "nginx_error" {
     grok {
         match => { "message" => "%{NGINX_ERROR}" }
    }
  }

Or should I use source, my logs are coming via a filebeat shipper

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.