Logstatsh Conditional Filter is not working

John_snow · March 21, 2022, 7:46pm

I'm trying to apply condional filtering in logstash but it is not working.
My log looks like

"record": {
                     "field1": "abc",
                     "field2": "/value"
        }

Filter Condition

if [record][field2] == "/value" {
                                                        drop {}
                                                }

any suggestion?

aaron-nimocks · March 22, 2022, 11:59am

That should work. I tested using the below.

Conf

input {
    generator {
        lines => [ '{ "record": { "field1": "abc", "field2": "/value"} }' ]
        codec => json
        count => 1
    }
}
filter {
  if [record][field2] == "/value" {
    mutate { add_tag => "condition met" }
  } else {
    mutate { add_tag => "condition not met" }
  }

}
output {
  stdout { codec => json }
}

Output

{
    "tags": [
        "condition met"
    ],
    "@timestamp": "2022-03-22T11:57:39.257Z",
    "record": {
        "field1": "abc",
        "field2": "/value"
    },
    "@version": "1",
    "host": "MacBook-Pro",
    "sequence": 0
}

John_snow · March 22, 2022, 1:23pm

Thanks. That's very helpful

system · April 19, 2022, 1:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
If condition working but not else Logstash	6	1569	May 3, 2019
Filter if condition in Logstash Logstash	8	19400	July 24, 2019
Logstash tags conditional issue Logstash	4	270	April 5, 2019
Condition filter not working after upgrading to logstash8 Logstash	6	194	November 9, 2022
Logstash filter not working Logstash	3	577	January 23, 2023

Logstatsh Conditional Filter is not working

Related Topics