Logstash array



How can I use arrays or loops in the filter below?

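filter {
  # Break the "/"-separated value of [source] into fields. The fourth segment
  # is stored as [mydata]; it is the only capture the conditional below reads.
  # (Presumably [source] is the file path reported by the shipper - confirm.)
  grok {
    match => { "source" => "/%{DATA:dir1}/%{DATA:dir2}/%{DATA:dir3}/%{DATA:mydata}/%{GREEDYDATA:end}" }
  }

  # The config language has no loop construct, but `in` tests membership in an
  # array literal. One branch therefore replaces the eight identical
  # if / else-if branches: when [mydata] is one of the listed names, its own
  # value becomes the index prefix.
  #
  # Keep this explicit list. [mydata] is parsed out of the event itself, and
  # [@metadata][prefix] is later used to build the Elasticsearch index name.
  # Copying [mydata] unconditionally would let whatever appears in the path
  # choose the index that gets written to.
  if [mydata] in ["order", "merchant", "service", "eureka", "java", "nginx", "apache", "messages"] {
    mutate { add_field => { "[@metadata][prefix]" => "%{[mydata]}" } }
  } else {
    # Fallback for everything else, including events where grok did not match
    # and [mydata] is absent.
    # NOTE(review): if [@metadata][beat] is not set on the event, the reference
    # is left unresolved and its literal text becomes the prefix - confirm that
    # every input feeding this pipeline sets it.
    mutate { add_field => { "[@metadata][prefix]" => "%{[@metadata][beat]}" } }
  }
}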

output {
  # Ship each event to Elasticsearch. The index name is the prefix chosen in
  # the filter section plus the event date, giving one index per prefix per day.
  # No credentials or TLS options are set in this block, so it only suits a
  # node that accepts unauthenticated plain connections - review before
  # pointing it at anything other than a local test node.
  elasticsearch {
    hosts => ["localhost"]
    index => "%{[@metadata][prefix]}-%{+YYYY.MM.dd}"
  }

  # Also print every event to Logstash's standard output in rubydebug format.
  # Handy while developing the filter; the full event content then ends up
  # wherever that output is captured, so treat it as a debugging aid.
  stdout { codec => rubydebug }
}