What is the proper way to use multiple 'and' and 'or' statements in a conditional statement? I've looked around but do not see any examples an I've tried using things like parenthesis with no luck either.
Here is an example of what I'm trying to do:
if [service] == "user" and "ASSIGN" in [zd_junk] and "DOMAIN" in [zd_junk] or "USER" in [zd_junk]{
The line above seems to run without error but i'm worried about the order of operation used by Logstash. It appears to match this equivalent if using parenthesis:
( "user" and "ASSIGN" in [zd_junk] and "DOMAIN" in [zd_junk] ) OR ( "USER" in [zd_junk] )
What I'd like to do would be more like this:
( "user" and "ASSIGN" in [zd_junk] ) and ( "DOMAIN" in [zd_junk] ) OR "USER" in [zd_junk] )
I'm sure i'm missing something simple and would appreciate any tips.
You should just be able to use parenthesis to make it the correct statement although the one you would like it to be is missing something or has an extra parenthesis. Have you tested it yet with parenthesis?
Thanks for the reply. I had tried parenthesis but must have mistyped something because I was getting config errors. I tried again this morning with a fresh brain and it worked as it should.
Thanks Alex. I actually did that on purpose to make them stand out but inadvertently failed to mention that in my original post. I'm pretty new to LogStash, however; and make plenty of other typos so far. It's a great product though.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.