Logstash if and Mutate hostname

Sinethra_Seneviratne · June 22, 2017, 12:07pm

hi, im trying to filter my S3 logs and change Original value of the " cs_host " field to a different one, This is the filter block of my Logstash conf. But this isn't working. Please let me know whats wrong here.

filter {
grok {
match => { "message" => "%{S3_ACCESS_LOG}"}
}
date {
locale => "en"
match => ["timestamp", "d/MMM/YYYY:HH:mm:ss Z"]
}
if [cs_host] == "host1.example.com" {
mutate {
replace => [ "cs_host", "host1" ]
}
}
if [cs_host] == "host2.example.com" {
mutate {
replace => [ "cs_host", "host2" ]
}
}
}

magnusbaeck · June 22, 2017, 12:40pm

Please show an example event produced by Logstash. Use a stdout { codec => rubydebug } output.

system · July 20, 2017, 12:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash filter not working Logstash	3	303	December 21, 2018
Logstash filter fields in if conditions Logstash	5	19449	August 25, 2020
How to parse a hostname Logstash	3	3473	July 6, 2017
Logstash filter help pleas Logstash	3	252	April 14, 2023
Logstash compare one field with multiple value (string) Logstash	6	11576	July 6, 2017

Logstash if and Mutate hostname

Related topics