How do I change this Logstash filter to be case insensitive? <pre class="prettyprint"><code>filter { if "foo" in [message] { mutate { add_field => { "Alert_level" => "5" }} } } </code></pre> I could not get it to work as shown in https://github.com/elastic/logstash/pull/3636

The pull request you mention was never merged, so it's not available (and apparently there is no plan to do so). You can use another syntax (mentioned in one of the comments to your question): <pre class="prettyprint"><code>filter { if "foo" =~ /(?i)message/ { ... } } </code></pre> The syntax will match for <code>message</code> or <code>MESSAGE</code> or even <code>MeSSaGe</code>.

Using a case insensitive Logstash filter

How do I change this Logstash filter to be case insensitive?

filter {
  if "foo" in [message] {
    mutate { add_field => { "Alert_level" => "5" }}
  }
}

I could not get it to work as shown in https://github.com/elastic/logstash/pull/3636

The pull request you mention was never merged, so it's not available (and apparently there is no plan to do so).

You can use another syntax (mentioned in one of the comments to your question):

filter {
  if "foo" =~ /(?i)message/ {
    ...
  }
}

The syntax will match for message or MESSAGE or even MeSSaGe.

Using a case insensitive Logstash filter

Tags:

logstash

logstash-grok

logstash-configuration

Jam

1 Answers

magnetik

Recent Activity

Donate For Us

Using a case insensitive Logstash filter

Tags:

logstash

logstash-grok

logstash-configuration

Jam

1 Answers

magnetik

Related questions

Recent Activity

Donate For Us