Less than or equal not working logstash filter and crashing

Shaiju_Sam · September 16, 2021, 3:26pm

I tried with another pattern creating a field still issue is the same

input {
  beats {
    port => 5044
  }
}
filter
{
if [fields][logtype] == "Seal_Async_Logs"
{
grok {
   match => { "message" => ".*\[TIME\] Detecting content type for file took\: %{WORD:createdetectingcontentrt}"}
}
}
if [fields][logtype] == "Seal_Async_Logs" {
mutate {
   convert => { "createdetectingcontentrt" => "integer" }
}
}
if [fields][logtype] == "Seal_Async_Logs" and [createdetectingcontentrt] < 2000 {
mutate {
    add_field => { "responsetime" => "2secs" }
}
}
}

output {
    elasticsearch {
    hosts => ["http://xx.xx.xx.xx"]
    index => "seal-test-uat-%{+YYYY.MM}"
    ilm_enabled => false
}
}

Shaiju_Sam · September 17, 2021, 10:02am

Finally it worked after I added the field again using "and" for the same field

if [fields][logtype] == "Seal_Async_Logs" and ([createdetectingcontentrt] < 2000 and [createdetectingcontentrt] < 2000)  {
mutate {
    add_field => { "responsetime" => "2secs" }
}
}

system · October 15, 2021, 10:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.