Sample logstash message
{
"@version": "1",
"agent": {
"type": "filebeat",
"hostname": "83b529353ae1",
"ephemeral_id": "1df074c7-acb2-4c57-897d-143403cd5af9",
"version": "7.1.1",
"id": "61831d51-b5a3-47bf-96e8-99e151078ce0"
},
"host": {
"name": "83b529353ae1"
},
"input": {
"type": "docker"
},
"ecs": {
"version": "1.0.0"
},
"log": {
"offset": 76271,
"file": {
"path": "/usr/share/dockerlogs/data/a842ff11e4afe04e80b8863d34ee9a8b57007e5f9121ffded96272ddbe86dec3/a842ff11e4afe04e80b8863d34ee9a8b57007e5f9121ffded96272ddbe86dec3-json.log"
}
},
"container": {
"image": {
"name": "783811678347.dkr.ecr.us-west-2.amazonaws.com/impact-net-v3:52@sha256:16822f5b02f0b797aafc3ff74c19b73350b0da5d049ec91737c5c9e4c58268a6"
},
"name": "impact-net-v3_impact-net.1.m3muxrphxkah4br4sybe16rhx",
"id": "a842ff11e4afe04e80b8863d34ee9a8b57007e5f9121ffded96272ddbe86dec3",
"labels": {
"com_docker_swarm_task_name": "impact-net-v3_impact-net.1.m3muxrphxkah4br4sybe16rhx",
"com_docker_swarm_task": "",
"SERVICE_NAME": "impact-net",
"com_docker_swarm_service_name": "impact-net-v3_impact-net",
"com_docker_swarm_node_id": "w1sn9esxmvn3yvxxm7th9zwo8",
"SERVICE_TAGS": "production,sso,java",
"com_docker_swarm_task_id": "m3muxrphxkah4br4sybe16rhx",
"com_docker_swarm_service_id": "xekejqmc3kfmfdialapvn37y0",
"com_docker_stack_namespace": "impact-net-v3"
}
},
"message": "Jun 26, 2019 8:22:12 AM com.impactorder.impactnetv3.plugins.PartnerLogin ",
"@timestamp": "2019-06-26T15:22:12.073Z",
"stream": "stderr",
"tags": [
"beats_input_codec_plain_applied"
]
}
So far I've tried
if [docker][container][labels][SERVICE_TAGS] =~ "production"
if [SERVICE_TAGS] in [docker][container][labels]
if "production" in [docker][container][labels][SERVICE_TAGS]
if [docker][container][labels][com_docker_stack_namespace] == "impact-net-v3"
Nothing seems to work. As soon as I enable any of the output conditionals all output stops