使用弹性搜索中的if进行条件过滤

时间:2017-11-16 13:27:47

标签: if-statement elasticsearch logstash

我的logstash配置中有以下filter.conf文件:

filter {
    mutate {
        add_field => {
            "node" => "%{[@metadata][rabbitmq_headers][node]}"
            "connection" => "%{[@metadata][rabbitmq_headers][connection]}"
            "vhost" => "%{[@metadata][rabbitmq_headers][vhost]}"
            "user" => "%{[@metadata][rabbitmq_headers][user]}"
            "channel" => "%{[@metadata][rabbitmq_headers][channel]}"
            "exchange" => "%{[@metadata][rabbitmq_headers][exchange_name]}"
            "routing_keys" => "%{[@metadata][rabbitmq_headers][routing_keys]}"
            "routed_queues" => "%{[@metadata][rabbitmq_headers][routed_queues]}"
            "routing-key" => "%{[@metadata][rabbitmq_properties][routing-key]}"
        }
    }
    if [exchange] == "OUTGOING.E.TOPIC" {
      mutate { add_field => "status" => "Outgoing message" }
    } else if [exchange] == "INCOMING.E.TOPIC" {
      mutate { add_field => "status" => "Incoming message" }
    } else {
      mutate { add_field => "status" => "Unknown" }
    }
}

但是,当我尝试运行logstash时,我得到:

Cannot create pipeline {:reason=>"Expected one of #, {, \", ', }

在if条件下(如果我删除它,它可以工作)。 if条件我做错了什么?

1 个答案:

答案 0 :(得分:0)

"status" => "Outgoing message"

周围缺少方括号

看起来像这样:

if [exchange] == "OUTGOING.E.TOPIC" {
  mutate { 
    add_field => {
      "status" => "Outgoing message"
    } 
  }
} else if [exchange] == "INCOMING.E.TOPIC" {
  mutate { add_field => {"status" => "Incoming message"} } 
} else {
  mutate { add_field => {"status" => "Unknown"} }
}

您可以查看文档here

相关问题
最新问题