Sprintf format in if statement

jcarre31 · March 13, 2019, 8:35am

I try to use a sprintf format in a IF statement in output bloc but failled.

filter {
  mutate {
        add_field => { "systype" => "cpu" }
  }
}

output {
   if [event][dataset] == "system.%{systype}" {
    elasticsearch {
...

=> never go into the elastic output

filter {
  mutate {
        add_field => { "systype" => "cpu" }
  }
  mutate {
    add_field => { "systype2" => "system.%{systype}" }
  }
}

output {
   if [event][dataset] == [systype2] {
    elasticsearch {
...

=> It's OK

why ?

system · April 10, 2019, 8:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.