-
Notifications
You must be signed in to change notification settings - Fork 24
Conditions Examples
orbenharosh edited this page Feb 21, 2023
·
3 revisions
{
"steps": [
{
"if": {
"condition": {
"matchRegex": {
"field": "message",
"regex": "^#",
"matchPartOfValue":"true"
}
},
"then": [
{
"drop": {
"config": {}
}
}
]
}
}
]
}{
"steps": [{
"if": {
"condition": {
"or": [{
"not": [{
"exists": {
"field": "x-forwarded-for"
}
}]
}, {
"hasValue": {
"field": "x-forwarded-for",
"possibleValues": ["-"]
}
}]
},
"then": [{
"addField": {
"config": {
"path": "real_client_ip",
"value": "{{c-ip}}"
}
}
}],
"else": [{
"addField": {
"config": {
"path": "real_client_ip",
"value": "{{x_forwader_for}}"
}
}
}]
}
}]
}{
"steps": [{
"if": {
"condition": {
"and": [{
"mathComparator": {
"field": "day_diff",
"gte": 0
}
},
{
"mathComparator": {
"field": "day_diff",
"lte": 0
}
}
]
},
"then": [{
"math": {
"config": {
"targetField": "time_gap",
"expression": "{{timestamp_hour}}-{{current_hour}}"
}
}
}]
}
}]
}- Home
-
Pipelines
-
Processors
- Add Field Processor
- Add Tag Processor
- AhoCorasick Processor
- Anonymize Processor
- Append List Processor
- Arrays Intersect Processor
- Base64 Decode Processor
- Convert Processor
- CSV Processor
- Date Processor
- Drop Processor
- External Mapping Source Processor
- GeoIP Processor
- Grok Processor
- JSON Processor
- Key Value Processor
- LowerCase Processor
- Math Processor
- Remove Field Processor
- Remove Tag Processor
- Rename Field Processor
- Split Processor
- Strip Processor
- Substitue Processor
- Substring Processor
- Translate Processor
- UpperCase Processor
- User Agent Processor
- URL Decode Processor
- XML Processor
- DeDot Processor
- Doc Size Processor
- If statement
- Additional Commands
-
Processors