Logstash filter problem

I have one log file with two different formats, and now I want to match them together, so I wrote a Logstash filter in the way below.

filter {
    if [type] == "test" {
        grok {
            match => {"message" => "%{WORD:logger}\s+%{GREEDYDATA:information}"}
            if [logger] == "api_playlist" {
                grok {
                    match => {"information" => "%{GREEDYDATA:test1}"}
                }
            }

            else if [logger] == "grpc_playlist" {
                grok {
                    match => {"information" => "%{GREEDYDATA:test2}"}
                }
            }

        }
    }
}

And my log file is:

api_playlist 2017-12-20 09:26:37 0f957a40 null amzn1.account.AGYYSC3H4MWTZXRZHT4SQWP67AHA Discover null undefined Done 0.346
2017-12-20 09:26:56 0ff2cdbf null amzn1.account.AEOIL2NUCQRJI23M7UH3BXS2QN5Q Discover null undefined Done 0.251
grpc_playlist 2017-12-20 09:26:37 0f957a40 null amzn1.account.AGYYSC3H4MWTZXRZHT4SQWP67AHA Discover null undefined Done 0.346
2017-12-20 09:26:56 0ff2cdbf null amzn1.account.AEOIL2NUCQRJI23M7UH3BXS2QN5Q Discover null undefined Done 0.251

But I failed. What's my problem, or is there any other way to meet my requirement?
Thanks!

You can not have conditionals within a filter. You can however specify a list of grok patterns in a grok filter. When you do this the default behaviour is that it tests the expressions one by one and stops processing as soon as a match is found.

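The approach from the reply above, written out as an added example that is not part of the original thread: one grok filter with a list of patterns, and the conditional moved out of the plugin block to the filter level. The field names `test1` and `test2` and the logger names come from the question; the `logger` named capture and the `no_logger_prefix` tag are assumptions made for illustration.

```logstash
filter {
  if [type] == "test" {
    grok {
      # Patterns are tried in order. With break_on_match => true (the default),
      # grok stops at the first pattern that matches the message.
      match => {
        "message" => [
          "^(?<logger>api_playlist)\s+%{GREEDYDATA:test1}",
          "^(?<logger>grpc_playlist)\s+%{GREEDYDATA:test2}"
        ]
      }
    }

    # Conditionals are legal here, between plugins, but not inside a plugin block.
    # Lines that match neither pattern (for example the sample lines that start
    # with a timestamp and carry no logger name) are tagged _grokparsefailure.
    if "_grokparsefailure" in [tags] {
      mutate {
        # Hypothetical tag so unparsed lines are easy to find downstream.
        add_tag => ["no_logger_prefix"]
      }
    }
  }
}
```

The file can be syntax-checked before deployment with `bin/logstash -f <file> --config.test_and_exit`.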

Thank you for your reply. That works!
