jeudi 16 novembre 2017

Conditional Filtering with if in elasticsearch

I have the following filter.conf file in my logstash configuration:

filter {
    mutate {
        add_field => {
            "node" => "%{[@metadata][rabbitmq_headers][node]}"
            "connection" => "%{[@metadata][rabbitmq_headers][connection]}"
            "vhost" => "%{[@metadata][rabbitmq_headers][vhost]}"
            "user" => "%{[@metadata][rabbitmq_headers][user]}"
            "channel" => "%{[@metadata][rabbitmq_headers][channel]}"
            "exchange" => "%{[@metadata][rabbitmq_headers][exchange_name]}"
            "routing_keys" => "%{[@metadata][rabbitmq_headers][routing_keys]}"
            "routed_queues" => "%{[@metadata][rabbitmq_headers][routed_queues]}"
            "routing-key" => "%{[@metadata][rabbitmq_properties][routing-key]}"
        }
    }
    if [exchange] == "OUTGOING.E.TOPIC" {
      mutate { add_field => "status" => "Outgoing message" }
    } else if [exchange] == "INCOMING.E.TOPIC" {
      mutate { add_field => "status" => "Incoming message" }
    } else {
      mutate { add_field => "status" => "Unknown" }
    }
}

But, when I try to run logstash I get:

Cannot create pipeline {:reason=>"Expected one of #, {, \", ', }

In the if condition (If I remove it, it works). What am I doing wrong with the if condition?

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)