Menu
How do I change this Logstash filter to be case insensitive?
filter {
if "foo" in [message] {
mutate { add_field => { "Alert_level" => "5" }}
}
}
I could not get it to work as shown in https://github.com/elastic/logstash/pull/3636
912
The pull request you mention was never merged, so it's not available (and apparently there is no plan to do so).
You can use another syntax (mentioned in one of the comments to your question):
filter {
if "foo" =~ /(?i)message/ {
...
}
}
The syntax will match for message or MESSAGE or even MeSSaGe.
177
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
