Logstash conf file if else condition is not working

Suresh_Pal · March 6, 2019, 12:35pm

Team,

Vesrion 6.2

In my config file i'm trying to use different grok pattern for different prospector.

filter {
if [type] == "db_log" {
grok {
match => [ "message", "%{TIMESTAMP_ISO8601:timetamp}%{SPACE}%{NOTSPACE}%{SPACE}%{INT:line}%{SPACE}%{NOTSPACE}%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}(?:- Tenant Name :)%{SPACE}%{WORD:TENANT_NAME}%{SPACE}(?:GlobalConnectionPool - Active Connections :)%{SPACE}%{WORD:Active_Connections}%{SPACE}%{NOTSPACE}%{SPACE}(?:Idle Connections :)%{SPACE}%{WORD:Idle_Connection}" ]
}
}
else if [type] == "user_access" {
grok {
match => [ "message", "%{NOTSPACE}%{SPACE}%{NOTSPACE}%{SPACE}%{WORD:USER}%{WORD}%{GREEDYDATA}" ]
}
}

else{
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:timetamp}%{SPACE}%{NOTSPACE}%{SPACE}%{INT:line}%{SPACE}%{NOTSPACE}%{SPACE}%{LOGLEVEL:loglevel}%{SPACE}(?:- Tenant Name :)%{SPACE}%{WORD:TENANT_NAME}%{SPACE}%{GREEDYDATA:Message}"}
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }

}

Note: fist If and last else condition is working fine but in between else if condition is not working.

Someone please help me to sort out this.

Suresh_Pal · March 11, 2019, 6:17am

Hi team,

Any update ??

Ganesh2303 · March 11, 2019, 3:17pm

Share your log whether your type value gets match with log.

system · April 8, 2019, 3:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
If Else condition based on input log lines in logstash Logstash	3	3962	July 28, 2021
If condition working but not else Logstash	6	1570	May 3, 2019
Need Help on Logstash filter If-Else Condition Logstash	1	250	July 28, 2020
How can I check loglevel with use of If else condition in logstash filter? Logstash	3	1477	October 31, 2020
Conditional Filter issue Logstash	4	314	May 14, 2020

Logstash conf file if else condition is not working

Related Topics