Logstatsh Conditional Filter is not working

John_snow · March 21, 2022, 7:46pm

I'm trying to apply condional filtering in logstash but it is not working.
My log looks like

"record": {
                     "field1": "abc",
                     "field2": "/value"
        }

Filter Condition

if [record][field2] == "/value" {
                                                        drop {}
                                                }

any suggestion?

aaron-nimocks · March 22, 2022, 11:59am

That should work. I tested using the below.

Conf

input {
    generator {
        lines => [ '{ "record": { "field1": "abc", "field2": "/value"} }' ]
        codec => json
        count => 1
    }
}
filter {
  if [record][field2] == "/value" {
    mutate { add_tag => "condition met" }
  } else {
    mutate { add_tag => "condition not met" }
  }

}
output {
  stdout { codec => json }
}

Output

{
    "tags": [
        "condition met"
    ],
    "@timestamp": "2022-03-22T11:57:39.257Z",
    "record": {
        "field1": "abc",
        "field2": "/value"
    },
    "@version": "1",
    "host": "MacBook-Pro",
    "sequence": 0
}

John_snow · March 22, 2022, 1:23pm

Thanks. That's very helpful

Topic		Replies	Views
Conditional filtering not working in logstash Logstash	13	5620	March 6, 2019
Logstash conditional not being evaluated Logstash	3	410	October 4, 2019
Can't make conditionnal filtering to work Logstash	7	1419	December 5, 2016
Issues with Logstash Conditionals inside filter Logstash	7	427	May 10, 2019
Conditional IF in logstash's filter Logstash	3	39527	June 14, 2017

Logstatsh Conditional Filter is not working

Related topics