Logstash.conf from 5.4 no longer working in 6.3

andrew_michael · June 28, 2018, 1:42pm

Working on my logstash.conf grok statement.

It seems the part that is not working is the final bit that says:

if [tags] == [] {
mutate {
remove_field => ["tags"]
}
}

This is logstash 6.3.

Any idea where I've gone wrong. It works in 5.4 which is what I am upgrading.

Badger · July 2, 2018, 3:32pm

That no longer works in LS 6. You can do it in ruby if having an empty array in your document offends you.

    ruby {
        code => '
            if event.get("tags") == []
                event.remove("tags")
            end
        ' 
    }

system · July 30, 2018, 3:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Remove array field if empty 6.1 version Logstash	4	1481	April 4, 2018
How to tell if "tags" array is empty in LS 6 Logstash	5	2501	April 18, 2018
How can I check if the "tags" array is empty? Logstash	3	5684	July 6, 2017
Logstash if condition regex not working Logstash	11	1159	August 29, 2022
Logstash If statement and grok not working Logstash	4	368	May 28, 2021