Hi,
I am trying to find out if there's a way for me to generate a conditional IN-based output
from incoming Apache log response codes.
I want to compare the codes against a declared list/array of codes.
My config is:

    input {
        beats { port => "5044" }
    }
    filter {
        grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
    }
    output {
        if [response] in ["200","202"] {
            elasticsearch {
                hosts => [ "localhost:9200" ]
            }
        }
    }

The above works fine, but I want to do something like:

    output {
        if [response] in [VALID_RESPONSE_CODES_] {
            elasticsearch { hosts => [ "localhost:9200" ] }
        }
        if [response] in [INVALID_RESPONSE_CODES_] {
            ....
        }
    }

How do I declare the above two (VALID_RESPONSE_CODES) as arrays (lists) in the config file?
Ideally, I would like these to be separate conf files with just these two arrays declared.
Any help is greatly appreciated.
Thanks