Logstash conf file if else condition is not working

Suresh_Pal · March 6, 2019, 12:35pm

Team,

Vesrion 6.2

In my config file i'm trying to use different grok pattern for different prospector.

filter {
if [type] == "db_log" {
grok {
match => [ "message", "%{TIMESTAMP_ISO8601:timetamp}%{SPACE}%{NOTSPACE}%{SPACE}%{INT:line}%{SPACE}%{NOTSPACE}%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}(?:- Tenant Name :)%{SPACE}%{WORD:TENANT_NAME}%{SPACE}(?:GlobalConnectionPool - Active Connections :)%{SPACE}%{WORD:Active_Connections}%{SPACE}%{NOTSPACE}%{SPACE}(?:Idle Connections :)%{SPACE}%{WORD:Idle_Connection}" ]
}
}
else if [type] == "user_access" {
grok {
match => [ "message", "%{NOTSPACE}%{SPACE}%{NOTSPACE}%{SPACE}%{WORD:USER}%{WORD}%{GREEDYDATA}" ]
}
}

else{
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timetamp}%{SPACE}%{NOTSPACE}%{SPACE}%{INT:line}%{SPACE}%{NOTSPACE}%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}(?:- Tenant Name :)%{SPACE}%{WORD:TENANT_NAME}%{SPACE}%{GREEDYDATA:Message}"}
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }

}

Note: fist If and last else condition is working fine but in between else if condition is not working.

Someone please help me to sort out this.

Suresh_Pal · March 11, 2019, 6:17am

Hi team,

Any update ??

Ganesh2303 · March 11, 2019, 3:17pm

Share your log whether your type value gets match with log.

system · April 8, 2019, 3:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
If Else condition based on input log lines in logstash Logstash	3	4007	July 28, 2021
If condition working but not else Logstash	6	1578	May 3, 2019
Need Help on Logstash filter If-Else Condition Logstash	1	251	July 28, 2020
Grok filter not working with if condition Logstash	1	331	December 18, 2018
How can I check loglevel with use of If else condition in logstash filter? Logstash	3	1480	October 31, 2020

Logstash conf file if else condition is not working

Related topics