Goal here is checking some conditions and replacing values. I'm working with an if processor for my filebeat (interacting with elasticsearch)
- if:
and:
regexp:
severity_for_condition: 1
event_type_for_condition: "bat_vol"
then:
- add_fields:
target: "data.condition"
fields:
data.condition: "Low voltage detected - critical"
else:
- add_fields:
target: "data.condition"
fields:
data.condition: "Low voltage detected - warning"
- if:
and:
regexp:
severity_for_condition: 1
event_title_for_condition: "GPS Power Loss"
then:
- add_fields:
target: "data.condition"
fields:
data.condition: "GPS power loss detected"
else:
- add_fields:
target: "data.condition"
fields:
data.condition: "Intermittent GPS power loss detected"
Error I'm getting is:
error initializing beat: error initializing processors: failed to make if/then/else processor: missing or invalid condition
Where is the missing or invalid condition? I'll add that those values in the
regexp:
Are coming from my script above in the file:
- script:
lang: javascript
source: >
function process(event) {
var severity_for_condition = event.Get("data.severity");
var event_type_for_condition = event.Get("type");
var event_title_for_condition = event.Get("data.title");
The documentation says
and:
- equals:
http.response.code: 200
- equals:
status: OK
Therefore, try:
- if:
and:
regex:
event_type_for_condition: "bat_vol"
regexp:
severity_for_condition: 1
then:
- add_fields:
target: "data.condition"
fields:
data.condition: "Low voltage detected - critical"