Translate plugin does not populate destination if it already exists

parosio · October 22, 2018, 3:26pm

Hello,

I think I've found a rather weird behavior of translate plugin (logstash 5.4).

I'm looking for a match in a first dictionary; if no match is found, I need to use a second dictionary.
The second translation only works if I remove the destination field (as in the example below).

Could someone check if this is correct, or if I've overlooked something?

  filter { 
     . . . 
    translate {
    field => "Source_Ip"
    destination => "src_translation"
    exact => true
    fallback => "not_found"
    dictionary_path => "${DICTS}/first_dict.yml"
  }
  if ( [src_translation] =~ /not_found/ ) {
     # it only works removing destination field
    mutate {remove_field => ["src_translation"]}
    translate {
      field => "Source_Ip"
      destination => "src_translation"
      exact => true
      fallback => "not_found"
      dictionary_path => "${DICTS}/second_dict.yml"
    }
  }
 . . . }

system · November 19, 2018, 3:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Translate filter not working Logstash	2	1551	June 27, 2017
Multiple translate filters on the same event field in logstash Logstash	3	1297	July 3, 2019
Logstash Translate Plugin - Dynamic dictionary path Logstash	2	652	July 9, 2019
Regex not working for translate filter Logstash	3	2109	July 6, 2017
Translate filter not working properly Logstash	3	1154	February 19, 2018

Translate plugin does not populate destination if it already exists

Related topics