Logstash compare a field to a number

Question

I'm searching a way to compare a Logstash field to a number in a conditional statement, but couldn't find anything in the documentation.

Something like this for example:

if [myfiels] => 1{
           mutate {
                   add_field => ["fild", "1"]
           }

or

if [myfiels] >= 1 and [myfiels] <= 3 {
               mutate {
                       add_field => ["fild", "2"]
               }

Thanks.

score 3 · Accepted Answer · edited Feb 19 '16 at 12:03

3

You first need to convert column type.

input {
   stdin{}
}

filter {
    grok {
        match => ["message","%{NUMBER:num}" ]
    }
    mutate {
        convert => { "num" => "integer" }
    }
    if [num] >= 5 {
        mutate { 
            add_field => { "xyz" => "123" }
        }
    }
}

output {
    stdout { codec => rubydebug }
}

edited Feb 19 '16 at 12:03

Kobayashi

2,402
3
16
25

answered Feb 18 '16 at 21:37

Mukrram Rahman

426
2
14

Thanks for your help! – Vucomir Ianculov Mar 15 '16 at 19:56

Logstash compare a field to a number

1 Answers1