Unable to use if condition in logstash output section

Nithani25 · May 2, 2019, 6:43am

Hi Team,
I am using file to inject two types of logs available on the same server via tcp port communication, since the log source is different i want two different indices to be created from logstash, which i am not able to achieve. I am copying my output section for your reference. need help on this.

Logstash output:

output {
  if [log_source] in [ "califfornia" , "newyork", "losangeles" ] {
   elasticsearch {
        hosts => [ "XXXXXXXXx:9200" ]
        user => "yyyyyyyyyy"
        password => "ppppppp"
        index => "usregion-log-%{log_source}-%{+YYYY.MM.dd}"
       }
  else if [log_source] in [ "england" , "india", "pakistan" ] {
   elasticsearch {
        hosts => [ "XXXXXXXXx:9200" ]
        user => "yyyyyyyyyy"
        password => "ppppppp"
        index => "intlregion-log-%{log_source}-%{+YYYY.MM.dd}"
       }  
    }
  stdout { codec => rubydebug }
}

Christian_Dahlqvist · May 2, 2019, 6:59am

What is the output to stout? Do you have the field you are using defined?

BennyInc · May 2, 2019, 7:05am

It looks like your first if statement is missing a closing bracket before the else?

system · May 30, 2019, 7:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiple if conditions in output section-Logstash conf Logstash	1	1215	August 17, 2017
Using different Index names in Output logstash Logstash	5	434	June 16, 2021
Clarification on if/else behavior in output Logstash	3	379	October 21, 2019
If condition not working in logstash output Logstash	9	5654	September 21, 2018
Is it possible to use if else conditional within elastic serach output plugin? Logstash	4	1906	November 20, 2018

Unable to use if condition in logstash output section

Logstash output:

Related topics