Logstash if and Mutate hostname

Sinethra_Seneviratne · June 22, 2017, 12:07pm

hi, im trying to filter my S3 logs and change Original value of the " cs_host " field to a different one, This is the filter block of my Logstash conf. But this isn't working. Please let me know whats wrong here.

filter {
grok {
match => { "message" => "%{S3_ACCESS_LOG}"}
}
date {
locale => "en"
match => ["timestamp", "d/MMM/YYYY:HH:mm:ss Z"]
}
if [cs_host] == "host1.example.com" {
mutate {
replace => [ "cs_host", "host1" ]
}
}
if [cs_host] == "host2.example.com" {
mutate {
replace => [ "cs_host", "host2" ]
}
}
}

magnusbaeck · June 22, 2017, 12:40pm

Please show an example event produced by Logstash. Use a stdout { codec => rubydebug } output.

system · July 20, 2017, 12:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.