Menu
Using Logstash 1.4.2, I have a field myfield that is a boolean value in my JSON document.
To check if it exists (don't care about the boolean value) I used:
if[myfield] { ...exists... } else { ...doesn't exist... }
The results from testing this conditional statement are:
[myfield] does not exist --> false
[myfield] exists, is true --> true
[myfield] exists, is false --> false //expected true because the field exists
It is checking the boolean value, not its existence.
How can I check that a boolean field exists?
412
Kind of lame that it doesn't work right out of the box, but you can hack it like this -- add a string representation of the boolean, compare against the string, and then remove the added field:
filter {
mutate {
add_field => { "test" => "%{boolean}" }
}
if [test] == 'true' or [test] == 'false' {
// field is present and set right
} else {
// field isn't present or set to something other than true/false
}
mutate {
remove_field => [ "test" ]
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
