[syslog processor] Cannot use a 'when' condition #36762
Comments
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
Workaround:

```yaml
- if:
    regexp.message: '^<\d+>\d '
  then:
    syslog:
      field: message
```
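What the `if` condition in the workaround above admits, as an added example that is not part of the issue or of the Beats code base: the pattern is applied with Go's `regexp` package to constructed sample lines. `Route`, `PriInRange` and `samples` are hypothetical names, and the 0..191 priority range is the one defined in RFC 5424.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// gate is the condition from the workaround: "<PRI>" followed by a single
// version digit and a space, i.e. the opening of an RFC 5424 header.
var gate = regexp.MustCompile(`^<\d+>\d `)

// pri captures the priority value so it can be range-checked separately.
var pri = regexp.MustCompile(`^<(\d+)>`)

// Route reports where a line goes under the workaround: "syslog" when the
// `if` condition matches, "passthrough" when the syslog processor is skipped.
func Route(line string) string {
	if gate.MatchString(line) {
		return "syslog"
	}
	return "passthrough"
}

// PriInRange reports whether the PRI lies in RFC 5424's 0..191 range
// (facility 0-23 times 8, plus severity 0-7). The gate pattern does not check this.
func PriInRange(line string) bool {
	m := pri.FindStringSubmatch(line)
	if m == nil {
		return false
	}
	n, err := strconv.Atoi(m[1])
	return err == nil && n <= 191
}

// Constructed sample lines, not taken from the issue.
var samples = []string{
	`<34>1 2023-10-05T12:00:00Z host1 app 123 ID47 - login failed`, // RFC 5424 style
	`<34>Oct  5 12:00:00 host1 app[123]: login failed`,             // RFC 3164 style
	`2023-10-05 12:00:00 INFO plain application log`,               // no PRI at all
	`<999>1 2023-10-05T12:00:00Z host1 app - - - bad priority`,     // PRI above 191
}

func main() {
	for _, s := range samples {
		fmt.Printf("%-11s pri_ok=%-5t %s\n", Route(s), PriInRange(s), s)
	}
}
```

Only the RFC 5424 style lines reach the syslog processor; the RFC 3164 style line and the plain log line pass through unparsed, and the out-of-range priority is still admitted by the pattern.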
andrewkroh added a commit to andrewkroh/beats that referenced this issue Oct 5, 2023
Fix the ability to use `when` conditions with the syslog processor. Fixes elastic#36762
andrewkroh added a commit that referenced this issue Oct 5, 2023
Fix the ability to use `when` conditions with the syslog processor. Fixes #36762
andrewkroh added a commit that referenced this issue Oct 5, 2023
Scholar-Li pushed a commit to Scholar-Li/beats that referenced this issue Feb 5, 2024
Fix the ability to use `when` conditions with the syslog processor. Fixes elastic#36762
I think the syslog processor is not allowing the `when` condition because there is some validation of the allowed parameters and `when` is not included.

beats/libbeat/processors/syslog/syslog.go
Lines 84 to 92 in 2988148