Hello
I wanted to ask: suppose we have a log, and we define custom fields for it and implement grok on it. Then, on the basis of a particular field as defined in the custom pattern, how can we implement conditional cases on the basis of the field as specified in the custom pattern?
Regards
Gaurav
I am not sure I understand what you mean. It would be a lot easier if you could provide a concrete example.
Sep 13 09:59:43 hostname postfix/smtp[15739]: id: to=<to address@gmail.com>, relay=gmail-smtp-in.l.google.com[hostip]:25, delay=1.9, delays=0.17/0/0.73/0.98, dsn=2.0.0, status=sent
Suppose this is the log.
Now the third field is named program in my custom pattern.
I have four types of program, and all four types have different log formats.
Now I want to implement the specific grok filters by using conditions on the basis of these program types.
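
An added example, not part of the thread and not the poster's configuration: one way to branch on the `program` field in a Logstash filter, parsing the shared syslog header first and then picking a body pattern per program. Only `program` and the `postfix/smtp` line come from the post; the other field names, the tag names, and the `sshd` and generic postfix branches are assumptions standing in for the remaining program types.

```logstash
filter {
  # Stage 1: parse only the syslog header that every program type shares.
  # "program" is the field name from the post; the other names are assumed.
  grok {
    match => {
      "message" => "^%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:logsource} %{PROG:program}(?:\[%{POSINT:pid}\])?: %{GREEDYDATA:msg_body}"
    }
    tag_on_failure => ["_grokparsefailure_header"]
  }

  # Stage 2: choose the body pattern from the value of [program].
  if [program] == "postfix/smtp" {
    # Matches the delivery line quoted in the post.
    grok {
      match => {
        "msg_body" => "^%{DATA:queue_id}: to=<%{DATA:recipient}>, relay=%{DATA:relay}, delay=%{NUMBER:delay}, delays=%{DATA:delays}, dsn=%{DATA:dsn}, status=%{WORD:status}"
      }
      tag_on_failure => ["_grokparsefailure_postfix_smtp"]
    }
  } else if [program] =~ /^postfix\// {
    # Assumed branch: any other postfix daemon, selected with a regex test.
    grok {
      match => { "msg_body" => "^%{DATA:queue_id}: %{GREEDYDATA:postfix_detail}" }
      tag_on_failure => ["_grokparsefailure_postfix_other"]
    }
  } else if [program] == "sshd" {
    # Assumed branch: successful SSH logins.
    grok {
      match => {
        "msg_body" => "^Accepted %{WORD:auth_method} for %{USERNAME:user} from %{IP:src_ip} port %{INT:src_port}"
      }
      tag_on_failure => ["_grokparsefailure_sshd"]
    }
  } else {
    # No branch matched (or the header failed to parse): tag the event
    # so unparsed lines stay visible instead of passing through silently.
    mutate { add_tag => ["unhandled_program"] }
  }
}
```

Giving each branch its own `tag_on_failure` value makes it possible to tell which program's pattern stopped matching, for example after a software upgrade changes the log format.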