Logstash configuration input error with if statement

Badger · August 23, 2020, 11:32pm

Note that you could do it using a single pipeline, but this is a terrible idea, since if you get anything wrong it sets up an infinite loop, like this

input {
     beats { port => 5044 }
     tcp { port => 5144 codec => cef {} }
}
output {
    if "forcepoint" in [tags] {
        tcp { port => 5144 }
    } else {
        elasticsearch { ... }
    }
}

Where you might get away with

input {
    beats { port => 5044 }
    tcp { port => 5144 codec => cef {} tags => [ "decoded" ] }
}
output {
    if "forcepoint" in [tags] and "decoded" not in [tags] {
        tcp { port => 5144 }
    } else {
        elasticsearch { ... }
    }
}

Topic		Replies	Views
Problem with an IF statement not working Logstash	11	183	February 21, 2024
Output IF ELSE configuration error Logstash	8	35827	July 6, 2017
If Else in Logstash Logstash	11	22491	March 7, 2017
Conditional Filter issue Logstash	4	314	May 14, 2020
If condition not working Logstash	9	833	April 2, 2020

Logstash configuration input error with if statement

Related topics