Logstatsh Conditional Filter is not working

John_snow · March 21, 2022, 7:46pm

I'm trying to apply condional filtering in logstash but it is not working.
My log looks like

"record": {
                     "field1": "abc",
                     "field2": "/value"
        }

Filter Condition

if [record][field2] == "/value" {
                                                        drop {}
                                                }

any suggestion?

aaron-nimocks · March 22, 2022, 11:59am

That should work. I tested using the below.

Conf

input {
    generator {
        lines => [ '{ "record": { "field1": "abc", "field2": "/value"} }' ]
        codec => json
        count => 1
    }
}
filter {
  if [record][field2] == "/value" {
    mutate { add_tag => "condition met" }
  } else {
    mutate { add_tag => "condition not met" }
  }

}
output {
  stdout { codec => json }
}

Output

{
    "tags": [
        "condition met"
    ],
    "@timestamp": "2022-03-22T11:57:39.257Z",
    "record": {
        "field1": "abc",
        "field2": "/value"
    },
    "@version": "1",
    "host": "MacBook-Pro",
    "sequence": 0
}

John_snow · March 22, 2022, 1:23pm

Thanks. That's very helpful

system · April 19, 2022, 1:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash conditional not being evaluated Logstash	3	375	October 4, 2019
Conditional filtering not working in logstash Logstash	13	5506	March 6, 2019
If condition working but not else Logstash	6	1578	May 3, 2019
Conditional apply of filter Logstash	4	1263	July 6, 2017
Issues with Logstash Conditionals inside filter Logstash	7	374	May 10, 2019

Logstatsh Conditional Filter is not working

Related topics