Parsing csv and conditions

Khuman · December 6, 2019, 10:19am

I'm using elastic stack 7.3.2. I need to use working logstash config on new version. This one construction work perfect on version 6.5.0, but don't work on 7.3.2
filter {
csv {
columns => ["column1","column2","column3","column4"]
separator => ", "
quote_char=> "'"
source => "log"
}
if [column2] == "" {
drop{}
}
if ![column3] {
drop{}
}
}
But in my new index still appear documents with empty column3 and column2.
Can someone correct me?

a.kuz · December 10, 2019, 6:27am

Hi. Probably i think you could reach this by:

Summary

filter {
	csv {
			columns => ["column1","column2","column3","column4"]
			separator => ", "
			quote_char=> "'"
			source => "log"
		}
		if [column2] ~= "" and [column3] {
			mutate {
				add_tag => [ "true" ]
			}
		}
	}
}

output {
	if [tags] == "true" {
        elasticsearch {
            ...
        }
	}
}

system · January 7, 2020, 6:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CSV filter not working properly Logstash	3	549	March 25, 2022
Logstash csv - Filters only rows with specific column count Logstash	2	950	January 30, 2020
Problem with csv filter Logstash	7	400	June 24, 2020
Can we use " :: " as a separator in csv filter in logstash Logstash	4	981	September 29, 2020
Logstash not reading csv file Logstash	6	1263	December 26, 2018

Parsing csv and conditions

Related Topics