Hi !
I'm using filebeat 7.4.0 to send linux logs to kafka.
I want to split the data from one file into 2 topics. For example data from /var/log/secure should go to topic1 if it contains "sudo" and topic2 if not.
My problem is that the "and" condition seems not working.
Here is what I tried :
As input
- type: log enabled: true paths: - /var/log/secure fields: kafka_topic: "system" test: "test"
As output
topic: "default"
topics:
- topic : "system"
when.and:
- equals:
fields.test: test
- equals:
field.kafka_topic: system
but filebeat display me :
Exiting: error initializing publisher: missing or invalid condition
I've tried several things, removing the "-", split the "when" and "and", but nothing work !
I know the condition is stupid here, but i've try each separatly and they work.
Do you have a working example for the "and" condition on kafka output ?
Regards,
Fabien