堆栈内存溢出
  简体   繁体   English

在 logstash 中使用条件

[英]Using a conditional in logstash

 原文  2021-02-19 19:50:38       logstash

问题描述

Has anyone ever added a conditional to an input?有没有人在输入中添加过条件? I'm using various versions of the beats plugin.我正在使用各种版本的节拍插件。 Versions less than 7.11 don't have @metadata I'd like to use two different indicies conditionally.低于 7.11 的版本没有 @metadata 我想有条件地使用两个不同的指标。 For example,例如,

15    beats {
16         port => "5000"
17         codec => "plain"
18         ssl => true
19         ssl_certificate_authorities => ["/etc/pki/logstash/logstashCA.pem"]
20         ssl_certificate => "/etc/pki/logstash/logstashCA.pem"
21         ssl_key => "/etc/pki/logstash/logstashCA.p8"
22         ssl_verify_mode => "force_peer"
23         if [version] not in [beat] {
24                 add_field => { "target_index" => "%{[@metadata][beat]}-%{[beat]}-7-%{+YYYY.MM.dd}" }
25         }
26         add_field => { "target_index" => "%{[@metadata][beat]}-%{[beat][version]}-%{+YYYY.MM.dd}" }
27    }

1 个解决方案

解决方案1
 1  2021-02-19 21:02:52

No, you cannot have a conditional based on fields of the event in an input because at the time the input is built no events exit.不,您不能在输入中具有基于事件字段的条件,因为在构建输入时没有事件退出。 However you can do it in the filter section但是,您可以在过滤器部分执行此操作

if [beat][version] {
    add_field => { "target_index" => "%{[@metadata][beat]}-%{[beat][version]}-%{+YYYY.MM.dd}" }
} else {
    add_field => { "target_index" => "%{[@metadata][beat]}-%{[beat]}-7-%{+YYY
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Logstash 条件 output 使用环境变量不起作用 - Logstash conditional output using environment variable not working 使用元数据字段使用logstash创建条件输出时遇到问题 - Having issues creating conditional outputs with logstash using metadata fields 用于logstash的grok的条件匹配 - conditional matching with grok for logstash Logstash Grok链条件过滤器 - Logstash grok chain conditional filters 如何在logstash中创建条件字段? - How to create a conditional field in logstash? 使用logstash检查条件中的多个字符串 - Checking for multiple strings in a conditional with logstash Logstash 有条件检查标签是否存在? - Logstash conditional to check if tag exists? 以弹性搜索连接为条件的 Logstash 输出 - Logstash output conditional on elasticsearch connection 输入块中的 logstash 条件语句 - logstash conditional statement in input block Logstash 条件截断消息长度 - Logstash conditional truncate on message length
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM