{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 啃猪蹄的小仙女 的问题《How to get logs and it's data having word “err》','https://www.manongdao.com/q-310932.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Currently I am working on an application where I need to create documents from particular data from a file at specific location. I have set up logstash pipeline configuration.
Here is what it looks like currently:
input{
file{
path => "D:\ELK_Info\logstashInput.log"
start_position => "beginning"
}
}
#Possible IF condition here in the filter
output {
#Possible IF condition here
http {
url => "http://localhost:9200/<index_name>/<type_name>"
http_method => "post"
format => "json"
}
}
I want to provide IF condition in output before calling API. The condition should be like, "If data from input contains word 'Error', only then proceed further to call http API mentioned."
Any idea on how may I do the same?
Please look at this link: Ignore and move to next pattern if log contains a specific word
The first step is to look whehther input has error as key word, if so, continue the parsing by second grok. If no, just forget the input.