Filebeat - kakfka output 'and' or 'regex' condition not working

Question

Hi , I am trying to filter all messages containing indicator 'TEST01' from different log paths and send the messages to two different topics( topic1 and topic2) based on fields.type

If the fields.type is "first_test" then the messages should go to "topic1" else to "topic2" . Below is the code i tried - but the and: operator is not working. Appreciate any help on coding composite conditions in filebeat -dynamic kafka output . Thank you https://www.elastic.co/guide/en/beats/filebeat/master/defining-processors.html#condition-equals

topics:
  - topic: "topic1"
    and:
      - when.contains:
           message: "TEST01"
      - equals:
          fields.type: "first_test"
  - topic: "topic2"
    and:
      - when.contains:
           message: "TEST01"
      - not:
          equals:
            fields.type: "first_test"

tempp tempp · Accepted Answer · 2020-08-08T06:17:46

Got this work without and: operator but with below code using 'contains' and different fields.type. Still any answers on how to use and: , regex in context of my question will be helpful. thanks

topics:
  - topic: "topic1"
      - when.contains:
           message: "TEST01"
           fields.type: "first_test"
  - topic: "topic2"
      - when.contains:
           message: "TEST01"
           fields.type: "second_test

Filebeat - kakfka output 'and' or 'regex' condition not working

1 Answers