Hello
I wanted to suppose we have a log and w define custom fields for the same and implement grok on it then on basis of a particular field as defined in the custom pattern how can we implement conditional cases on basis of the field as specified in the custom pattern.
Regards
Gaurav
I am not sure I understand what you mean. It would be a lot easier if you could provide a concrete example.
Sep 13 09:59:43 hostname postfix/smtp[15739]: id: to=<to address@gmail.com>, relay=gmail-smtp-in.l.google.com[hostip]:25, delay=1.9, delays=0.17/0/0.73/0.98, dsn=2.0.0, status=sent
suppose this is the log
now the third field is named program in my custom pattern.
I have four types of program and all this four types have different log format.
Now I want to implement the specific grok filters by using conditions on the basis of these program types.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.