我的logstash配置中有以下filter.conf文件:
filter {
mutate {
add_field => {
"node" => "%{[@metadata][rabbitmq_headers][node]}"
"connection" => "%{[@metadata][rabbitmq_headers][connection]}"
"vhost" => "%{[@metadata][rabbitmq_headers][vhost]}"
"user" => "%{[@metadata][rabbitmq_headers][user]}"
"channel" => "%{[@metadata][rabbitmq_headers][channel]}"
"exchange" => "%{[@metadata][rabbitmq_headers][exchange_name]}"
"routing_keys" => "%{[@metadata][rabbitmq_headers][routing_keys]}"
"routed_queues" => "%{[@metadata][rabbitmq_headers][routed_queues]}"
"routing-key" => "%{[@metadata][rabbitmq_properties][routing-key]}"
}
}
if [exchange] == "OUTGOING.E.TOPIC" {
mutate { add_field => "status" => "Outgoing message" }
} else if [exchange] == "INCOMING.E.TOPIC" {
mutate { add_field => "status" => "Incoming message" }
} else {
mutate { add_field => "status" => "Unknown" }
}
}
但是,当我尝试运行logstash时,我得到:
Cannot create pipeline {:reason=>"Expected one of #, {, \", ', }
在if条件下(如果我删除它,它可以工作)。 if条件我做错了什么?
答案 0 :(得分:0)
"status" => "Outgoing message"
看起来像这样:
if [exchange] == "OUTGOING.E.TOPIC" {
mutate {
add_field => {
"status" => "Outgoing message"
}
}
} else if [exchange] == "INCOMING.E.TOPIC" {
mutate { add_field => {"status" => "Incoming message"} }
} else {
mutate { add_field => {"status" => "Unknown"} }
}
您可以查看文档here。