switch case available in logstash?

_asp_ · Post by **_asp_** » Mon Jul 04, 2016 7:27 am

Hi,

is "switch case" function available in logstash? I didn't find it in documentation, but maybe i just looked at the wrong place.

Thanks, Andreas

hsmith · Post by **hsmith** » Tue Jul 05, 2016 9:53 am

Can you please provide some context as to exactly what you're trying to do?

_asp_ · Post by **_asp_** » Mon Jul 18, 2016 5:53 am

I have a field named status which contains a status as number which I extract from the logs.

Following status mapping as example: statuscode=codenumber -> statusCluster
0=pending -> pending
1=authenticating -> auth
2=processing ->
10 - 20 =different error codes
30=user cancel -> cancelByUser

To be able to use the status with comfort I would like to cluster it to a new field which is named statusCluster:
my target would be:

Code: Select all

switch (status)
{
    case 30: 
        mutate 
	{
		add_field => { "StatusCluster" => "cancelByUser" }
	}
        break;
   case 0:
      mutate 
	{
		add_field => { "StatusCluster" => "pending" }
	}
        break;
      
       ... and so on ...
}

but without switch case I need to do it with nested if statements which I am currently using.
But switch case - if existing - would simplify the code

Post by **mcapra** » Mon Jul 18, 2016 10:01 am

It does not look like Logstash supports switch conditionals, though I agree this would provide a route for cleaner code.
https://www.elastic.co/guide/en/logstas ... ation.html

I would suggest raising an issue on logstash the github page if this is a feature you would like to see implemented:
https://github.com/elastic/logstash

Nagios Support Forum

switch case available in logstash?

switch case available in logstash?

Re: switch case available in logstash?

Re: switch case available in logstash?

Re: switch case available in logstash?