I am using Logstash to process some flow data. Now I came across a problem while tagging the data using a conditional.
If I write the following in the Logstash config:
if [myfield] == "abc"{ mutate { add_tag => ["mytag"] } }
else { mutate { add_tag => ["not_working"] } }
everything works just fine, but now I want to use a list like this:
if [myfield] is in ["abc"]{ mutate { add_tag => ["mytag"] } }
else { mutate { add_tag => ["not_working"] } }
and only get a not_working tag.
Any suggestions? Thanks in advance!
It seems as if there has to be more than one value in the array/list. You could just duplicate the only value, like this:
if [myfield] in ["abc", "abc"] { mutate { add_tag => ["mytag"] } }
else { mutate { add_tag => ["not_working"] } }
and it is working fine.