Penguen
Reputation: 17278
How to write if condition inside of the logstash grok pattern?
My question is related to logstash grok pattern. I created below pattern that's working fine but the big problem is not string values. Sometimes; "Y" and "age" can be null so my grok pattern not create any log in elasticseach. It is not working properly. I need to tell my grok pattern :
if(age is null || age i empty){
updatefield["age",0]
}
but I don't know how to make it. by the way; I checked many solutions by googling but it is directly related to my problem.
input {
file {
path => ["C:/log/*.log"]
start_position => "beginning"
discover_interval => 10
stat_interval => 10
sincedb_write_interval => 10
close_older => 10
codec => multiline {
pattern => "^%{TIMESTAMP_ISO8601}\|"
negate => true
what => "previous"
}
}
}
filter {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:formattedDate}.* X: %{DATA:X} Y: %{NUMBER:Y} Z: %{DATA:Z} age: %{NUMBER:age:int} "}
}
date {
timezone => "Europe/Istanbul"
match => ["TimeStamp", "ISO8601"]
}
json{
source => "request"
target => "parsedJson"
}
mutate {
remove_field => [ "path","message","tags","@version"]
}
}
output {
stdout {
codec => rubydebug
}
elasticsearch {
hosts => [ "http://localhost:9200" ]
index => "logstash-%{+YYYY.MM}"
}
}
Upvotes: 2
Views: 4723
Answers (1)
Sufiyan Ghori
Reputation: 18743
You can check if your fields exists or are empty using conditionals with your filter,
filter {
if ![age] or [age] == "" {
mutate {
update => { "age" => "0" }
}
}
}
Upvotes: 2
Related Questions
- Grok Conditional pattern in Logstash yaml (if..else)
- How to use IF ELSE condition in grok pattern in logstash
- logstash if statement within grok statement
- logstash grok filter pattern
- Grok custom pattern
- Grok filter for logstash to match a specific value from a log file
- How to add condition to my logstash grok filter?
- how to apply if condition on fields of json contained in a log
- How to write grok pattern in logstash
- Logstash conditional not matching