Home > Back-end >  Logstash - if condition ignored
Logstash - if condition ignored

Time:09-20

I am struggling with an issue, that my if condition is completely ignored by logstash. It is nothing complicated, but yet I can't see my tags added to the event.

if [records][properties][resourceDisplayName] =~ /Windows Azure Active Directory/ {
    mutate {
      remove_tag => [ "Windows" ]
      add_tag => [ "Azure" ]
    }
  }

  if [records][properties][resourceDisplayName] =~ /Outlook/ {
    mutate {
      remove_tag => [ "Windows" ]
      add_tag => [ "Outlook" ]
    }
  }

Tags "Azure" and "Outlook" are not added at all and tag "Windows" is still available. I have tried also like this:

if "Outlook" in [records][properties][resourceDisplayName] {
 do something
}

and this

if [records][properties][resourceDisplayName] == "Outlook" { 
  do something 
}

But it didn't work either. What am I doing wrong?

CodePudding user response:

It turned out it was an array. This worked for me.

if [records][0][properties][resourceDisplayName]

Page link:https//www.codepudding.com/Backend/550282.html

Prev:Groovy: Parsing List elements
Next:Nim: How to pass an array of varying size to an argument of a foreign function calling into a .dll?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding