Menu
Is there any way in logstash to use a conditional to check if a specific tag exists?
For example,
grok { match => [ "message", "Some expression to match|%{GREEDYDATA:NOMATCHES}" ] if NOMATCHES exists Do something.
How do I verify if NOMATCHES tag exists or not?
Thanks.
411
Just so we're clear: the config snippet you provided is setting a field, not a tag.
Logstash events can be thought of as a dictionary of fields. A field named tags is referenced by many plugins via add_tag and remove_tag operations.
You can check if a tag is set:
if "foo" in [tags] { ... } But you seem to want to check if a field contains anything:
if [NOMATCHES] =~ /.+/ { ... } The above will check that NOMATCHES exists and isn't empty.
Reference: configuration file overview.
117
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
