Logstash translate filter dynamic substitution

Priya_Darshini · May 3, 2018, 7:04am

Hi,
I have a yml file that has input like
"John" : "yes"

In logstash conf file I should check if the incoming event has name as John and if the value of John is "yes" then I should drop the message.
My conf file looks like this:

filter {
translate {
field => "name"
destination => "value"
dictionary_path => "/etc/logstash/conf.d/ssid_status.yml"
}

    if [name] == "%{name}" {
      if [ "%{name}" => "%{value}" ] == "yes" {
        drop { }
      }
    }

}

But my filter doesnt work. Ideally it should read the yml file and should have the value of John as "yes" and should drop the message
It does not come to the second If condition. How do I evaluate the value of John and drop the message?
Logstash version: 6.x

magnusbaeck · May 3, 2018, 5:24pm

So you want to drop events that can be looked up in ssid_status.yml and where the lookup result is "yes"? If yes, a simple

if [value] == "yes" {

will do.

system · May 31, 2018, 5:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Drop filter not working Logstash	4	1737	July 6, 2017
Translate filter is not working Logstash	5	815	June 4, 2018
Logstash Filter Conditional Usage Logstash	3	276	July 10, 2019
Drop if message contains text from a List of Strings Logstash	2	6856	September 4, 2018
Dynamic Input for drop plugin Logstash	3	323	May 10, 2019

Logstash translate filter dynamic substitution

Related topics