Logstash pipeline multiple if statements

Robin020 · October 14, 2021, 2:25pm

Hello,

I am trying create multiple if statements in the filter section in my pipeline config but I have no success with that.

This works (with one if statement)

filter {
  json {
      source => "message"
  }
  split { field => "[data][TABLE_neighbor][ROW_neighbor]"  }

  if "172.1.1.1" in [host] or "172.1.1.2" in [host] or "172.1.1.3" in [host] or "172.1.1.4" in [host] {
      mutate {
          add_tag => [ "test" ]
      }
}
}

This doesn't work:

filter {
  json {
      source => "message"
  }
  split { field => "[data][TABLE_neighbor][ROW_neighbor]"  }

  if "172.1.1.1" in [host] or "172.1.1.2" in [host] or "172.1.1.3" in [host] or "172.1.1.4" in [host] {
      mutate {
          add_tag => [ "test" ]
      }
}
  if "true" in [data.TABLE_neighbor.ROW_neighbor.up] {
      mutate {
           add_field => { "testfield" => "1"  }
      }
}
}

What wrong with this filter? How can I use multiple if statements for different fields?

Regards,
Robin

Badger · October 15, 2021, 5:02pm

Your split filter suggests you have a field called [data][TABLE_neighbor][ROW_neighbor] (in elasticsearch or kibana you would call that data.TABLE_neighbor.ROW_neighbor) so it seems likely that your second if should be

if "true" in [data][TABLE_neighbor][ROW_neighbor][up] {

system · November 12, 2021, 5:03pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to use Multiple if statements in filter section of logstash configuration file Logstash	13	25017	July 10, 2020
If statement within logstash Logstash	4	764	June 29, 2020
Puting multiple if conditionals into loop Logstash	2	314	February 12, 2021
Logstash or condition in if statement Logstash	3	62555	January 31, 2017
IF with multiple OR Logstash	10	1113	April 13, 2018

Logstash pipeline multiple if statements

Related topics