Conditions Examples - logzio/sawmill GitHub Wiki

Examples

Simple if statement

{
  "steps": [
    {
      "if": {
        "condition": {
          "matchRegex": {
            "field": "message",
            "regex": "^#",
            "matchPartOfValue":"true"
          }
        },
        "then": [
          {
            "drop": {
              "config": {}
            }
          }
        ]
      }
    }
  ]
}

Complex if statements

{
  "steps": [{
    "if": {
      "condition": {
        "or": [{
          "not": [{
            "exists": {
              "field": "x-forwarded-for"
            }
          }]
        }, {
          "hasValue": {
            "field": "x-forwarded-for",
            "possibleValues": ["-"]
          }
        }]
      },
      "then": [{
        "addField": {
          "config": {
            "path": "real_client_ip",
            "value": "{{c-ip}}"
          }
        }
      }],
      "else": [{
        "addField": {
          "config": {
            "path": "real_client_ip",
            "value": "{{x_forwader_for}}"
          }
        }
      }]
    }
  }]
}

{
  "steps": [{
    "if": {
      "condition": {
        "and": [{
            "mathComparator": {
              "field": "day_diff",
              "gte": 0
            }
          },
          {
            "mathComparator": {
              "field": "day_diff",
              "lte": 0
            }
          }
        ]
      },
      "then": [{
        "math": {
          "config": {
            "targetField": "time_gap",
            "expression": "{{timestamp_hour}}-{{current_hour}}"
          }
        }
      }]
    }
  }]
}