Logstash grok filter with if statements -
i having trouble using if statements along grok filter in order filter log data.
example of code:
.conf file
input { stdin { } } filter { grok { patterns_dir => ["./patterns"] match => {"message" => "%{api_call}"} } if "_grokparsefailure" not in [tags] { grok { add_tag => ["external api call"] } } } output { stdout { codec => rubydebug } }
custom patterns
api_call called
if run configuration , give input string of called
grokparsefailure
. if rid of if statement block , run again, have successful match.
all appreciated.
Comments
Post a Comment