Open masech opened 4 years ago
input { generator { lines => [ "1.0.0.0", "0.0.0.0" ] count => 1 } }
filter { dissect { mapping => { "message" => "%{octet_1}.%{octet_2}.%{octet_3}.%{octet_4}" } convert_datatype => { "octet_1" => "int" "octet_2" => "int" "octet_3" => "int" "octet_4" => "int" } }
if ([octet_1] != 0) { #add field 'TRUE' if 'octet_1' is not zero mutate { add_field => { "TRUE" => "Get True" } } } else { #add field 'FALSE' if 'octet_1' is zero mutate { add_field => { "FALSE" => "Get False" } } }
}
output { stdout { codec => rubydebug } }
- Expected output:
{ "TRUE" => "Get True", "octet_1" => 1, "octet_3" => 0, "octet_2" => 0, "octet_4" => 0, "message" => "1.0.0.0" } { "FALSE" => "Get False", "octet_1" => 0, "octet_3" => 0, "octet_2" => 0, "octet_4" => 0, "message" => "0.0.0.0" }
- Actual output:
{ "TRUE" => "Get True", "octet_1" => 1, "octet_3" => 0, "octet_2" => 0, "octet_4" => 0, "message" => "1.0.0.0" } { ""TRUE" => "Get True", "octet_1" => 0, "octet_3" => 0, "octet_2" => 0, "octet_4" => 0, "message" => "0.0.0.0" }
- Steps to Reproduce: the `pipeline.java_execution` setting in the /etc/logstash/logstash.yml file must be enabled (value is true)
filter { dissect { mapping => { "message" => "%{octet_1}.%{octet_2}.%{octet_3}.%{octet_4}" } convert_datatype => { "octet_1" => "int" "octet_2" => "int" "octet_3" => "int" "octet_4" => "int" } }
}
output { stdout { codec => rubydebug } }
{ "TRUE" => "Get True", "octet_1" => 1, "octet_3" => 0, "octet_2" => 0, "octet_4" => 0, "message" => "1.0.0.0" } { "FALSE" => "Get False", "octet_1" => 0, "octet_3" => 0, "octet_2" => 0, "octet_4" => 0, "message" => "0.0.0.0" }
{ "TRUE" => "Get True", "octet_1" => 1, "octet_3" => 0, "octet_2" => 0, "octet_4" => 0, "message" => "1.0.0.0" } { ""TRUE" => "Get True", "octet_1" => 0, "octet_3" => 0, "octet_2" => 0, "octet_4" => 0, "message" => "0.0.0.0" }