I'm trying to apply condional filtering in logstash but it is not working.
My log looks like
"record": {
"field1": "abc",
"field2": "/value"
}
Filter Condition
if [record][field2] == "/value" {
drop {}
}
any suggestion?
That should work. I tested using the below.
Conf
input {
generator {
lines => [ '{ "record": { "field1": "abc", "field2": "/value"} }' ]
codec => json
count => 1
}
}
filter {
if [record][field2] == "/value" {
mutate { add_tag => "condition met" }
} else {
mutate { add_tag => "condition not met" }
}
}
output {
stdout { codec => json }
}
Output
{
"tags": [
"condition met"
],
"@timestamp": "2022-03-22T11:57:39.257Z",
"record": {
"field1": "abc",
"field2": "/value"
},
"@version": "1",
"host": "MacBook-Pro",
"sequence": 0
}
Thanks. That's very helpful
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.