Logstash advanced pipeline examples

ezmani · April 17, 2018, 2:57pm

Hi there,

I am attempting to construct a logstash pipeline managed via kibana (x-pack for logstash) for iis-logs import.

I am using elastic's guide to construct my filters.

per the documentation I can use

regexp: =~, !~ (checks a pattern on the right against a string value on the left)

Are there any examples any where as to what the right hand side values would look like? Or is there a website where I can see complex examples of pipeline conditional constructs?

I am trying to do something like the following.

if "IIS Logs" in [tags] and ("xxx1" in [tags] or "xxx2" in [tags])  {
        grok {
            match => {"message" => "<grok1>"}
        }
        mutate {
            add_field => { "indexname" => "iis-logs" }
        }
    } else if "IIS Logs" in [tags] and ("xxx1" not in [tags] and "xxx2" not in [tags]) {
        grok {
            match => {"message" => "<grok with different fields>"}
        }
        mutate {
            add_field => { "indexname" => "iis-logs" }
        }    
    }

Thanks much!

magnusbaeck · April 17, 2018, 6:52pm

Are there any examples any where as to what the right hand side values would look like?

The patterns the documentation is talking about are regular expressions. There are countless examples of and tutorials for those.

ezmani · May 11, 2018, 11:29am

Thanks! sorry for the delayed response!

system · June 8, 2018, 11:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.