I am facing issues with Logstash filters: I want to put a condition like following:
filter {
if [SPCI] == 79 {
mutate {
replace => { "RSRP79" => "%{SRSRP}" }
replace => { "RSRQ79" => "%{SRSRQ}" }
}
}
My dataset looks like:
{
"took": 29,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 22656,
"max_score": null,
"hits": [
{
"_index": "processed.radiosignal",
"_type": "_doc",
"_id": "v_FJQnYBEKhQVcwaCsCy",
"_version": 26,
"_score": null,
"_source": {
"ElapsedRT": 0,
"Alt": 0,
"Row": 0,
"RSRP116": "0",
"NRSRP": -103,
"@version": "1",
"Handover": 0,
"Time": "2020.12.08-11.34.49.14",
"NRSRQ": -13,
"SPCI": 79,
"SRSRP": -100,
"@timestamp": "2020-12-15T17:31:29.080Z",
"SRSRQ": -11,
"RSRP79": "0",
"NPLMN": "nullnull",
"NPCI": 116,
"RSRQ116": "0",
"Lat": 0,
"Long": 0,
"RSRQ79": "0"
},
"fields": {
"@timestamp": [
"2020-12-15T17:31:29.080Z"
]
},
"sort": [
1608053489080
]
}
The query is not performing as expected and if SRSRP == 79 is failing.
I am quite new to ELK and could not understand where is the issue.
Just to clarify, I am creating RSRP79 and RSRQ79 fields using alter plugin in previous step and it is working fine.