Hello I am trying to ingest into Elasticsearch if the documents dont have couple of tags, but some how still the documents are getting persisted if the tags present. below is my code .The tags with "_split_type_failure" are still getting ingested into ES.
output {
if "_xmlparsefailure" not in [tags] or "_split_type_failure" not in [tags] {
elasticsearch {
hosts =>
index =>""
}
}
}
Do you get what you want if you replace or with || ?
Do you get what you want if you replace or with || ?
I'd expect a syntax error. or is the correct operator for logical OR.
You should probably use and instead of or. As it stands, an event with a _split_type_failure tag will be indexed unless it also has an _xmlparsefailure tag.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.