Logstash Comparing Field Values Using an If Statement not working

bardie · October 8, 2020, 1:38pm

Hi,

I am trying to compare two fields using the following method but it is not working. I have used it before using an older version of logstash and it worked but it is not working on logstash 7.9.2.

Logstash cannot be able to compare values in two different fields:

Example:
old_user = john
new_user = john

Will result in the creation of the field_change field even though the fields have the same value.

Below is the code:

    if [old_USER] != "%{new_USER}" {
          mutate {
              add_field => { "field_change" => "user" }
         }
    }

Badger · October 8, 2020, 3:16pm

Why not use

if [old_USER] != [new_USER] {

bardie · October 9, 2020, 6:12am

This worked. Thanks

system · November 6, 2020, 6:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash - comparison 2 fields Logstash	3	595	January 11, 2022
Issue with a conditional statement Logstash	12	569	March 4, 2022
If statement within logstash Logstash	4	764	June 29, 2020
Filter if condition in Logstash Logstash	8	19413	July 24, 2019
Field value equal to 0 not recognized in a IF statetement Logstash	4	611	October 14, 2020

Logstash Comparing Field Values Using an If Statement not working

Related topics