Checking for multiple strings in a conditional with logstash

I would like to find the easiest way to add a field tag when a condition is true.

if [target_index] == "myindex" and 
    ("str1" in message 
    or "str2" in message
    or "str3" in message){
        mutate {
            add_tag => ["mytag"]
        }
    }

I am following the documentation listed here. However, when I restart logstash I get "LogStash::ConfigurationError". Maybe there is a better way to do this? I would appreciate any help on this.

question from:https://stackoverflow.com/questions/65836199/checking-for-multiple-strings-in-a-conditional-with-logstash


1 Reply

You need square brackets around the references to [message].

filter {
    if [target_index] == "myindex" and
        ("str1" in [message]
        or "str2" in [message]
        or "str3" in [message]) {
        mutate {
            add_tag => ["mytag"]
        }
    }
}

That said, I would write this using alternation in a regexp:

if [target_index] == "myindex" and [message] =~ /str1|str2|str3/
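A self-contained pipeline for checking both conditionals from the answer on sample events, as an added example that is not part of the original answer. The generator input, the sample lines and the tag names mytag_in and mytag_re are constructed for the test.

```logstash
# Added example: constructed test pipeline, not from the original answer.
input {
  generator {
    # Constructed sample messages, emitted once each.
    lines => [
      "request failed with str1 in payload",
      "prefix-str3-suffix",
      "nothing of interest here"
    ]
    count => 1
    # Set the field the conditional checks, so no upstream pipeline is needed.
    add_field => { "target_index" => "myindex" }
  }
}

filter {
  # Form 1: substring tests; every field reference is bracketed.
  if [target_index] == "myindex" and ("str1" in [message] or "str2" in [message] or "str3" in [message]) {
    mutate { add_tag => ["mytag_in"] }
  }

  # Form 2: a single regexp with alternation.
  if [target_index] == "myindex" and [message] =~ /str1|str2|str3/ {
    mutate { add_tag => ["mytag_re"] }
  }
}

output {
  # Print each event with its tags so the result can be inspected.
  stdout { codec => rubydebug }
}
```

Running Logstash on this file with `--config.test_and_exit` parses the configuration and reports syntax errors without starting the pipeline. Run without that flag, the first two events carry both tags and the third carries neither.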
