Logstash output IF conditions not working with JMS input

Hi I am new to ELK Stack and I have working solutions for logstash for one index output but now i have multiple microservices sending logs to same JMS JNDI Name using Solace queue but I want to output them in separate indexes in logstash

I have two questions:

  1. How can i make IF Else condition work in Logstash Output?
  2. How do i add one of the field named xyz which has description of which microservice this logs belongs to in IF condition so we can separate them in diff indexes?

Please help me. Thank you
SampleLOG:
{
"Date": "3/23/2020 7:22:13 PM",
"Level": "WARN",
"xyz": "generator",
"Message": "Route matched with {action = "GetState", controller = "Service"}",
"Location": "Some Path for file location (file:///C://repo//testsolution//appender//log4net//generator.cs):70)"
}
{
"Date": "3/22/2020 7:26:13 PM",
"Level": "INFO",
"xyz": "publisher",
"Message": "Route matched with {action = "GetState", controller = "Service"}",
"Location": "Some Path for file location (file:///C://repo//testsolution//appender//log4net//publisher.cs):70)"
}

Logstash CONF:
input {
jms {
# Logstash Configuration Settings.
include_header => true
include_properties => true
include_body => true
use_jms_timestamp => false
destination => "QUEUE_NAME"
pub_sub => false
# JNDI Settings
jndi_name => "JNDI_NAME"
jndi_context => {
JNDI_CONTEXT
}
require_jars => [JAR PATH]
}
}
filter {
json {
source => "message"
target => "log"
}
}
output {
if [log][xyz] == "generator" {
elasticsearch{
hosts => [HOST]
index => "generator-"
}
}
Else if [log][xyz] == "publisher"{
elasticsearch{
hosts => [HOST]
index => "publisher-"
}
}
}`

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.