Hi there,
I am attempting to construct a Logstash pipeline managed via Kibana (X-Pack for Logstash) for iis-logs import.
I am using Elastic's guide to construct my filters.
Per the documentation, I can use:
regexp: =~, !~ (checks a pattern on the right against a string value on the left)
Are there any examples anywhere as to what the right-hand side values would look like? Or is there a website where I can see complex examples of pipeline conditional constructs?
I am trying to do something like the following.
    if "IIS Logs" in [tags] and ("xxx1" in [tags] or "xxx2" in [tags]) {
      grok {
        match => { "message" => "<grok1>" }
      }
      mutate {
        add_field => { "indexname" => "iis-logs" }
      }
    } else if "IIS Logs" in [tags] and ("xxx1" not in [tags] and "xxx2" not in [tags]) {
      grok {
        match => { "message" => "<grok with different fields>" }
      }
      mutate {
        add_field => { "indexname" => "iis-logs" }
      }
    }
Thanks much!
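
An added example, not part of the original post, of what the right-hand side of `=~` and `!~` looks like in a Logstash filter for the IIS case above. The `[source_host]` field and the `iis_unexpected_format` tag are assumed names chosen for illustration, and the grok patterns are the post's own placeholders.

```logstash
filter {
  if "IIS Logs" in [tags] {
    # The right-hand side is a regex literal between forward slashes.
    # IIS W3C logs contain header lines such as "#Fields: ..."; drop them before grok.
    if [message] =~ /^#/ {
      drop { }
    }

    # Alternation inside one regex replaces a chain of "or" comparisons.
    # [source_host] is an assumed string field holding the server name.
    if [source_host] =~ /^(xxx1|xxx2)$/ {
      grok {
        match => { "message" => "<grok1>" }
      }
    } else {
      grok {
        match => { "message" => "<grok with different fields>" }
      }
    }

    # !~ is true when the pattern does NOT match. Here it tags lines that do not
    # start with a date, so malformed or unexpected input stays visible downstream.
    if [message] !~ /^\d{4}-\d{2}-\d{2} / {
      mutate {
        add_tag => [ "iis_unexpected_format" ]
      }
    }

    mutate {
      add_field => { "indexname" => "iis-logs" }
    }
  }
}
```

A literal forward slash inside the pattern has to be escaped as `\/`, since the slash delimits the regex.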