Logstash translate filter dynamic substitution

Priya_Darshini · May 3, 2018, 7:04am

Hi,
I have a yml file that has input like
"John" : "yes"

In logstash conf file I should check if the incoming event has name as John and if the value of John is "yes" then I should drop the message.
My conf file looks like this:

filter {
translate {
field => "name"
destination => "value"
dictionary_path => "/etc/logstash/conf.d/ssid_status.yml"
}

    if [name] == "%{name}" {
      if [ "%{name}" => "%{value}" ] == "yes" {
        drop { }
      }
    }

}

But my filter doesnt work. Ideally it should read the yml file and should have the value of John as "yes" and should drop the message
It does not come to the second If condition. How do I evaluate the value of John and drop the message?
Logstash version: 6.x

magnusbaeck · May 3, 2018, 5:24pm

So you want to drop events that can be looked up in ssid_status.yml and where the lookup result is "yes"? If yes, a simple

if [value] == "yes" {

will do.

system · May 31, 2018, 5:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.