Unable to write not equal condition with filebeat processor

Sourabh_Sharma1 · March 11, 2021, 11:44am

`

dissect:
tokenizer: '"%{pid|integer} - %{service.name} - %{service.status}"'
field: "message"
target_prefix: ""
- drop_event:
  when:
  not:
  equals:
  pid|integer: "105"

smaple logs:

"321 - App01 - WebServer is starting"
"105 - App01 - WebServer is starting"
"109 - App01 - WebServer is starting"
"115 - App01 - WebServer is starting"

this single not equal works fine. when I apply it with or condition it is not work.

processors:
#- add_host_metadata: ~
#- add_cloud_metadata: ~
#- add_docker_metadata: ~
#- add_kubernetes_metadata: ~

dissect:
tokenizer: '"%{pid|integer} - %{service.name} - %{service.status}"'
field: "message"
target_prefix: ""
drop_event:
when:
or:
not:
equals:
pid|integer: "105"
not:
equals:
pid|integer: "115"

2021-03-11T17:14:37.654+0530 INFO instance/beat.go:655 Beat ID: fecab980-bf36-4d77-a0b2-4fe49d64b99d
2021-03-11T17:14:37.661+0530 INFO instance/beat.go:390 filebeat stopped.
2021-03-11T17:14:37.661+0530 ERROR instance/beat.go:958 Exiting: error initializing processors: failed to initialize condition: missing or invalid condition
Exiting: error initializing processors: failed to initialize condition: missing or invalid condition`

system · April 8, 2021, 1:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.