TL;DR:
if [yourField] or [yourField] =~ /.*/ {
# Your code
}
Why?
In Logstash [yourField] could come in one of these datatypes:
- [yourField] = String
- [yourField] = Null
- [yourField] = Number
- [yourField] = Boolean
i.e. [level] = "ERROR"
And also could have sub-fields and therefore these combinations:
- [yourField][yourSub] = String
- [yourField][yourSub] = Null
- [yourField][yourSub] = Number
- [yourField][yourSub] = Boolean
i.e. [request][time_milliseconds] = 73
If we use "if [yourField]" to check if the field exists, turns out that not always matches and if we use "if [yourField] =~ /.*/" not always matches.
Result:
- "if [yourField]" won't work when the field exists but is Null.
- "if [yourField] =~ /.*/" won't work when is a number, boolean or has sub-fields.
The safer approach is:
if [yourField] or [yourField] =~ /.*/ {
# Your code
}
Your post is helping me a lot. Its really nice and epic. Thanks a lot for the useful info on this topic. You did it so much well. I love to see more about GBWhatsApp. Keep sharing and updating. Also share more posts with us. Thank you.
ReplyDeleteSands Casino & Spa - Shooting Star
ReplyDeleteThe largest casino resort in Canada, 더킹카지노 Sands is located on a 7.2-million square foot casino floor. The fun88 vin casino features more 샌즈카지노 than 800 slot machines, including a variety