Mutate under conditional statement is not working. any suggestion please

smeka · September 3, 2017, 2:50pm

Hi,
Need some help please.

path => [ "/var/log/jbossas/domain/server1/server.log", "/var/log/jbossas/domain/server2/server.log"]

in filter portion i used the below to create a directory to write the log file to central logging server.

grok {
match => [
"path" , "/%{WORD:jboss_profile/}/"
]
}
if [jboss_profile] == "server1" {
mutate { add_field => { "appname" => "server1" } }
mutate { add_filed => { "profile_group" => "%{appname}"}
}
if [jboss_profile] == "server2" {
mutate { add_field => { "appname" => "server2 }}
mutate { add_filed => { "profile_group" => "%{appname}"}
}

Thanks

magnusbaeck · September 4, 2017, 5:30am

Is the grok filter successfully extracting a jboss_profile field?

system · October 2, 2017, 5:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Issues with if statement, grok, and mutate Logstash	1	3380	July 6, 2017
Filter conditionals not working as expected Logstash	3	301	December 27, 2020
Logstash conditional not being evaluated Logstash	3	375	October 4, 2019
Why i cant use if statement in grock block? Logstash	6	347	May 18, 2018
If condition working but not else Logstash	6	1575	May 3, 2019

Mutate under conditional statement is not working. any suggestion please

Related topics