Last active
December 19, 2015 01:28
-
-
Save MichalBryxi/5875989 to your computer and use it in GitHub Desktop.
Logstash @fields.anything usage example. Documentation is not very explicit in this topic.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I want to add tag => 'nagios' to every record where: | |
| # @fields.severity == "PHP Fatal" | |
| filter { | |
| # Does not work | |
| grep { | |
| match => [ "@fields.severity", "PHP Fatal" ] | |
| add_tag => [ "nagios" ] | |
| drop => false | |
| } | |
| # Works, but is not really explicit | |
| grep { | |
| match => [ "severity", "PHP Fatal" ] | |
| add_tag => [ "nagios" ] | |
| drop => false | |
| } | |
| # Works, but it's overkill - parses whole @message | |
| grep { | |
| match => [ "@message", "PHP Fatal" ] | |
| add_tag => [ "nagios" ] | |
| drop => false | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment