Need Help on Logstash filter If-Else Condition

Kim_Mendoza · June 30, 2020, 3:12pm

Please check my Logstash filter config. I cannot find my error logs cannot transfer to elasticsearch.

filter {
if [fields][logtype] == "access.log" {
grok {
match => [ "message", "%{WORD:host} %{WORD:host}[ "%{NOTSPACE:Domain}" ] %{WORD:remote} %{WORD:remote}[ (?<x_forwarded_for>%{IP:clientip}(?:, [^,]+)*)?%{DATA} [%{MONTHDAY}[./-]%{MONTH}[./-]%{YEAR}:%{TIME} %{ISO8601_TIMEZONE}] / %{IP:localIP}] %{WORD:request}[ "%{WORD:request} %{URIPATHPARAM} HTTP/%{NUMBER:httpversion}" ] %{WORD:Code} %{WORD:Code}[ %{NUMBER:response} ]" ]
overwrite => [ "message" ]
}
}

    mutate {
            add_field => {"nameserver" => "%{[fields][platform]}-%{[host][name]}"}

          }

}

system · July 28, 2020, 3:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.