Merged
17 changes: 12 additions & 5 deletions docs/static/configuration.asciidoc
Expand Up @@ -366,7 +366,7 @@ What's an expression? Comparison tests, boolean logic, and so on!
You can use the following comparison operators:

* equality: `==`, `!=`, `<`, `>`, `<=`, `>=`
* regexp: `=~`, `!~`
* regexp: `=~`, `!~` (checks a pattern on the right against a string value on the left)
* inclusion: `in`, `not in`

The supported boolean operators are:
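Review bot: The parenthetical added to the `=~`, `!~` bullet leaves out what a reader needs to write a dependable filter: whether the pattern has to match the whole string or any part of it, and what the test evaluates to when the left side is missing or is not a string. Suggest stating both here, or linking to where they are specified, since a conditional that drops or routes events on a regexp match depends on them. Separately, the unchanged bullet above files `<`, `>`, `<=`, `>=` under "equality", which is worth fixing while this list is being touched.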
Expand Down Expand Up @@ -406,7 +406,7 @@ output {
}
----------------------------------

The `in` conditional enables you to compare against the value of a field:
You can use the `in` operator to test whether a field contains a specific string, key, or (for lists) element:

[source,js]
----------------------------------
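Review bot: In the new `in` sentence, "contains a specific string, key, or (for lists) element" runs three different tests together and only says which field type the last one applies to. A substring test and a membership test can give different answers for the same operand, which matters when `in` is used as an allowlist check in a conditional. Suggest one clause per field type, along the lines of "for a string field, ...; for a hash, ...; for a list, ...", so the reader knows which test they are getting.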
Expand All @@ -433,7 +433,7 @@ filter {
----------------------------------

You use the `not in` conditional the same way. For example,
you could use `not in` to only route events to elasticsearch
you could use `not in` to only route events to Elasticsearch
when `grok` is successful:

[source,js]
Expand All @@ -445,13 +445,20 @@ output {
}
----------------------------------

You can check for the existence of a specific field, but there's currently no way to differentiate between a field that
doesn't exist versus a field that's simply false. The expression `if [foo]` returns `false` when:

* `[foo]` doesn't exist in the event,
* `[foo]` exists in the event, but is false, or
* `[foo]` exists in the event, but is nil

For more complex examples, see <<using-conditionals, Using Conditionals>>.

[float]
[[metadata]]
==== The @metadata field

In Logstash 1.5 there is a new, special field, called `@metadata`. The contents
In Logstash 1.5 and later, there is a special field called `@metadata`. The contents
of `@metadata` will not be part of any of your events at output time, which
makes it great to use for conditionals, or extending and building event fields
with field reference and sprintf formatting.
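Review bot: The first sentence of the added paragraph contradicts itself: it opens with "You can check for the existence of a specific field" and then says a missing field cannot be told apart from a false one, so `if [foo]` is not an existence check. Suggest leading with the limitation, for example "The expression `if [foo]` is false when the field is missing, false, or nil, so it cannot be used to test for existence alone." Also, "returns `false`" reads oddly for a conditional ("evaluates to false" fits better), the three bullets should use consistent punctuation, and "simply false" and "but is false" should use the same literal formatting as the `false` in the lead sentence.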
Expand Down Expand Up @@ -929,7 +936,7 @@ This example labels all events using the `type` field, but doesn't actually pars
Similarly, you can use conditionals to direct events to particular outputs. For example, you could:

* alert nagios of any apache events with status 5xx
* record any 4xx status to elasticsearch
* record any 4xx status to Elasticsearch
* record all status code hits via statsd

To tell nagios about any http event that has a 5xx status code, you
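Review bot: The changed bullet fixes the capitalization of Elasticsearch, but `nagios`, `apache` and `statsd` in the same list, and `nagios` and `http` in the sentence that follows, are still lowercase. Suggest correcting the casing of the other product names and of HTTP in this hunk too, so the list is consistent.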