Hi @Fabio-sama,
Sure, sorry, I had an image posted; I understand it isn't very clear.
Here's my current Logstash configuration:
```
input {
  tcp {
    port => 8443
    codec => json_lines { charset => CP1252 }
  }
}

filter {
  # Drops only events whose Message field is present and empty
  if [Message] == "" {
    drop { }
  }
}

output {
  # Route OASIS application events to their own index
  if [ApplicationName] == "OASIS" {
    elasticsearch {
      hosts => ["10.56.5.266:9200"]
      index => "nxlogappsoasis"
    }
  } else {
    elasticsearch {
      hosts => ["10.56.5.266:9200"]
      index => "nxlogapps"
    }
  }
}
```
For this, my output is:
```
{
  "_index": "nxlogappsoasis",
  "_type": "_doc",
  "_id": "oeDCpHABxa029eIHyPuj",
  "_version": 1,
  "_score": 1,
  "_source": {
    "OSType": "Windows",
    "@timestamp": "2020-03-04T08:56:33.592Z",
    "tag_filepath": "D:\OrdersWCF\*",
    "port": 53642,
    "host": "ICDWP",
    "SourceModuleName": "oasisdig",
    "SourceModuleType": "im_file",
    "@version": "1",
    "EventReceivedTime": "2020-03-04 03:56:33.682089-05:00",
    "ApplicationName": "OASIS",
    "Message": "Timestamp: 3/4/2020 3:56:32 AM: Message: Core: ValidateBillTo Method Start - 0002309223 ---------------------------------------- ----------------------------------------",
    "Technology": ".NET",
    "EventName": "Oasis Event",
    "Severity": "Info",
    "Hostname": "ICDWP",
    "tag_nxlog": "nxlog"
  }
}
{
  "_index": "nxlogappsoasis",
  "_type": "_doc",
  "_id": "oeDCpHABxa029eIHyPuj",
  "_version": 1,
  "_score": 1,
  "_source": {
    "OSType": "Windows",
    "@timestamp": "2020-03-04T08:56:33.592Z",
    "tag_filepath": "D:\Orders\*",
    "port": 53642,
    "host": "ICDWP",
    "SourceModuleName": "oasisdig",
    "SourceModuleType": "im_file",
    "@version": "1",
    "EventReceivedTime": "2020-03-04 04:46:03.682089-05:00",
    "ApplicationName": "OASIS",
    "Technology": ".NET",
    "EventName": "Oasis Event",
    "Severity": "Info",
    "Hostname": "ICDWP",
    "tag_nxlog": "nxlog"
  }
}
```
What I want is: if there is no Message field, the second set of JSON should not come at all, instead of skipping only the Message field.
Thanks!
Katara
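
An added example, not part of the post above or of the poster's pipeline: the conditional `[Message] == ""` matches only events where the field is present and empty, so an event with no Message field at all passes the filter and is indexed. A filter block that drops both cases, using the field name from the post:

```logstash
filter {
  # An absent field compares as not equal to "", so the equality test alone
  # never matches the second event shown in the post.
  # ![Message] is true when the field is missing or null; the second clause
  # keeps the original empty-string case.
  if ![Message] or [Message] == "" {
    drop { }
  }
}
```

Dropped events never reach either Elasticsearch index, so nothing downstream records that the source sent them.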