Michael Dz
Reputation: 3834
Logstash filter, if field matches regex not working
In my Logstash pipeline I want to apply some operations to a field if it matches a regex. For example I want to filter all url fields that start with JOB: so after researching I came up with this config:
filter {
grok {
patterns_dir => ["./patterns"]
if [url] =~ /^JOB: .*/ {
add_field => {
"job_type" => "JOB: %{job_type:url}"
}
}
}
}
But after running service logstash configtest I get this error:
The given configuration is invalid. Reason:
Expected one of #, => at line 87, column 7 (byte 3332) after filter {
grok {
patterns_dir => ["./patterns"]
if
Upvotes: 1
Views: 3610
Answers (1)
Val
Reputation: 217274
The if needs to go out of the grok filter, i.e. it must surround the grok
filter {
if [url] =~ /^JOB: .*/ {
grok {
patterns_dir => ["./patterns"]
match => ["url" => "JOB: %{job_type:job_type}"]
}
}
}
Upvotes: 3
Related Questions
- RegEx Filter Works In RegExr But Not Logstash Grok
- Logstash grok filter apache pattern
- Conditionals and regex doubts with grok filter in logstash
- How to match any pattern by ignoring any special character in Logstash?
- Custom GROK filter - Logstash -> Elasticsearch
- elasticsearch filter not working in logstash
- Logstash filter Regex into Field
- Logstash issue with config regex
- grok filter for log pattern
- How should I filter multiple fields with the same name in logstash?