I am on ES 7.9.2, and I am writing a Logstash parser to add a severity based on the risk level.
The risk_score is between 0-10 and can be to 1 decimal place.
With == 0 and a risk_score of 9.3 Logstash is OK. If I use >= then Logstash will stop processing events.
i.e.

```
if [risk_score] >= 6 and [risk_score] < 7 {
  mutate {
    add_field => { "risk_level" => "critical" }
  }
}
```
I cannot see what I am doing wrong with this or why it is failing. Any ideas?
I tried converting to integer but it still failed. Once I removed the if code and restarted Logstash, the events came through but risk_score was still a decimal.
Sorry, that's my poor copy/paste. Logstash is refreshing with success; it's only when an event hits that part of the pipeline that it fails.
I've found another post that states that mutate runs in a specific order, so it's possible that the convert happens too early in the mutate. I've separated the convert into a separate mutate and will see what happens.
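
The approach described in the last post, written out as an added example (not the poster's own pipeline): the cast sits in a mutate of its own ahead of the numeric comparison. It assumes risk_score arrives as a string; the `risk_score_missing` tag is a hypothetical name.

```logstash
filter {
  # Only touch events that actually carry the field; a missing or null
  # risk_score skips the cast and the comparison entirely.
  if [risk_score] {
    # Cast in a dedicated mutate block. mutate applies its operations in a
    # fixed internal order, so a convert that shares a block with other
    # operations may not run where it appears in the config.
    mutate {
      convert => { "risk_score" => "float" }
    }

    # risk_score is now a float, so a value such as 6.4 is compared
    # numerically. "float" keeps the single decimal place that "integer"
    # would drop.
    if [risk_score] >= 6 and [risk_score] < 7 {
      mutate {
        add_field => { "risk_level" => "critical" }
      }
    }
  } else {
    # Assumption: tag events without a score so unscored alerts stay
    # visible downstream instead of silently carrying no risk_level.
    mutate {
      add_tag => ["risk_score_missing"]
    }
  }
}
```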