在我的Logstash管道中,如果匹配正则表达式,我想对字段应用一些操作。例如,我想过滤所有以url开头的JOB:字段,因此在研究之后我想出了这个配置:
filter {
grok {
patterns_dir => ["./patterns"]
if [url] =~ /^JOB: .*/ {
add_field => {
"job_type" => "JOB: %{job_type:url}"
}
}
}
}
但在运行service logstash configtest后,我收到此错误:
The given configuration is invalid. Reason:
Expected one of #, => at line 87, column 7 (byte 3332) after filter {
grok {
patterns_dir => ["./patterns"]
if
答案 0 :(得分:2)
if需要退出grok过滤器,即它必须包围grok
filter {
if [url] =~ /^JOB: .*/ {
grok {
patterns_dir => ["./patterns"]
match => ["url" => "JOB: %{job_type:job_type}"]
}
}
}