I have to redirect some logs based on their username (the usernames are contained in the logs) to different outputs. This list has 80 entries, so it's a lot to write this in the configuration file.
I would like to know if I can base an "if" based on a file or a database (elastic, sql, whatever) and logstash will retrieve the list to apply the filter. I didn't find it in the documentation so if you have any link
You can use a translate filter to match the usernames, then use a conditional based on the fallback option to determine whether it matched, or if different usernames need to go to different outputs use a translate filter to determine that.
Is the elasticsearch filter plugin not better to do this thing? With the translate plugin I have to write all the 80 things into the configuration file... Elasticsearch filter plugin | Logstash Reference [7.13] | Elastic
That's another option, as is a jdbc_static filter or a memcached filter. There are many ways to do the lookup.
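A sketch of the translate approach suggested above, added here as an example and not taken from any poster's configuration. It keeps the username list in an external dictionary file, so the 80 entries do not have to live in the pipeline configuration. The field name, file paths, route labels and outputs are all assumptions.

```logstash
# Constructed example. /etc/logstash/user_routes.yml is an assumed path holding
# the username -> route entries outside the pipeline configuration, e.g.:
#   "alice": "audit"
#   "bob": "audit"
#   "svc-backup": "ops"

filter {
  translate {
    # Option names as in the 7.13 reference; newer plugin releases call
    # these "source" and "target".
    field            => "[user][name]"        # assumed field holding the username
    destination      => "[@metadata][route]"  # @metadata is not sent to outputs
    dictionary_path  => "/etc/logstash/user_routes.yml"
    refresh_interval => 300                   # re-read the file every 300 seconds
    fallback         => "unmatched"           # value used when the username is not listed
  }
}

output {
  if [@metadata][route] == "audit" {
    file { path => "/var/log/logstash/audit-%{+YYYY-MM-dd}.log" }
  } else if [@metadata][route] == "ops" {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "ops-logs-%{+YYYY.MM.dd}"
    }
  } else {
    # "unmatched": usernames absent from the dictionary
    file { path => "/var/log/logstash/unmatched-%{+YYYY-MM-dd}.log" }
  }
}
```

Whoever can write the dictionary file decides where each user's logs are sent, so keep it writable only by the account that manages the pipeline.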