I'm using Elastic Stack 7.3.2. I need to use a working Logstash config on the new version. This construction works perfectly on version 6.5.0, but doesn't work on 7.3.2:
filter {
  csv {
    columns => ["column1","column2","column3","column4"]
    separator => ", "
    quote_char => "'"
    source => "log"
  }
  if [column2] == "" {
    drop {}
  }
  if ![column3] {
    drop {}
  }
}
But documents with empty column3 and column2 still appear in my new index.
Can someone correct me?
Hi. I think you could probably achieve this with:
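filter {
  csv {
    columns => ["column1","column2","column3","column4"]
    separator => ", "
    quote_char => "'"
    source => "log"
  }
  # Tag only events where column2 is not empty and column3 is present
  if [column2] != "" and [column3] {
    mutate {
      add_tag => [ "true" ]
    }
  }
}
output {
  # [tags] is an array, so test for membership rather than equality
  if "true" in [tags] {
    elasticsearch {
      ...
    }
  }
}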
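A self-contained pipeline for checking this filter offline, added here as an example and not taken from either post. It swaps the real input and the Elasticsearch output for the `generator` input and a `stdout` output, reads from `message` because that is where `generator` puts each line, and uses constructed sample lines; only the first of them should reach stdout.

```logstash
# Added example: test harness for the empty-column drop logic.
# All sample lines below are constructed for illustration.
input {
  generator {
    count => 1
    lines => [
      "'a', 'b', 'c', 'd'",
      "'a', , 'c', 'd'",
      "'a', 'b', , 'd'",
      "'a', 'b'",
      "'a', '', 'c', 'd'"
    ]
  }
}

filter {
  csv {
    columns    => ["column1","column2","column3","column4"]
    separator  => ", "
    quote_char => "'"
    source     => "message"   # assumption: generator stores the line in "message"
  }

  # Lines the csv filter could not parse are tagged rather than dropped by default.
  if "_csvparsefailure" in [tags] {
    drop {}
  }

  # Drop when either column is absent/null, or present but empty or whitespace only.
  if ![column2] or [column2] =~ /^\s*$/ or ![column3] or [column3] =~ /^\s*$/ {
    drop {}
  }
}

output {
  # rubydebug prints every surviving event with all parsed fields,
  # which shows exactly what the csv filter produced for each column.
  stdout { codec => rubydebug }
}
```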