How to Use Conditional Statements In Fluentd

Better Stack Team
Updated on February 5, 2024

Fluentd's record_transformer filter plugin can evaluate conditional expressions when enable_ruby is set to true, because each ${...} placeholder is then evaluated as Ruby. Here's how you can do it:

/etc/fluent/fluentd.conf
<filter mylogs>
  @type record_transformer
  enable_ruby true
  <record>
    is_successful ${record["status"] == 200 ? "true" : "false"}
  </record>
</filter>

In this example, the record_transformer plugin is employed to add an is_successful field to the log records. The value of this field is determined by a ternary operator (a concise conditional statement). It sets is_successful to "true" if the status field equals 200, and "false" otherwise.

Consider the following dummy log source:

/etc/fluent/fluentd.conf
<source>
  @type dummy
  dummy '{"timestamp":"2024-01-27T08:33:17","severity":"ERROR"}'
  format json
  tag mylogs
</source>

You can apply a conditional statement to assess the contents of the severity field as follows:

/etc/fluent/fluentd.conf

...
<filter mylogs>
  @type record_transformer
  enable_ruby true
  <record>
    has_error ${record["severity"] == "ERROR" ? "true" : "false"}
  </record>
</filter>

<match mylogs>
  @type stdout
</match>

In this filter directive, the has_error field is populated from the conditional expression: if the severity field is exactly "ERROR", has_error is set to the string "true"; otherwise it is set to "false".

When Fluentd is executed, the logs will be augmented with the has_error field, reflecting the result of the conditional check:

Output
2024-01-29 05:26:50.076341943 +0000 mylogs: {"timestamp":"2024-01-27T08:33:17","severity":"ERROR","has_error":"true"}

When the severity is anything other than "ERROR", the has_error field is set to "false":

Output
2024-01-29 05:26:50.076341943 +0000 mylogs: {"timestamp":"2024-01-27T08:33:17","severity":"INFO","has_error":"false"}
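Both expressions above use Ruby's strict `==`, so a status logged as the string "200" or a severity logged in lowercase silently yields "false", which matters if alerts key off these fields. The following is an added example, not part of the original article: it evaluates the page's two expressions over constructed sample records, next to hypothetical tolerant variants (the `tolerant_*` names and the sample lines are assumptions).

```ruby
require "json"

# Constructed sample records, as they might look after JSON parsing.
SAMPLE_LINES = [
  '{"status":200,"severity":"INFO"}',
  '{"status":"200","severity":"info"}',   # status logged as a string
  '{"status":500,"severity":"ERROR"}',
  '{"severity":"error"}',                 # status missing, lowercase severity
].freeze

# The expressions exactly as written in the <record> sections above.
def page_is_successful(record)
  record["status"] == 200 ? "true" : "false"
end

def page_has_error(record)
  record["severity"] == "ERROR" ? "true" : "false"
end

# Hypothetical tolerant variants: normalise type and case before comparing.
# nil.to_s is "", so a missing field falls through to "false".
def tolerant_is_successful(record)
  record["status"].to_s.strip == "200" ? "true" : "false"
end

def tolerant_has_error(record)
  record["severity"].to_s.strip.upcase == "ERROR" ? "true" : "false"
end

# Evaluate all four expressions for every sample line.
def annotate(lines)
  lines.map do |line|
    record = JSON.parse(line)
    {
      "is_successful"          => page_is_successful(record),
      "is_successful_tolerant" => tolerant_is_successful(record),
      "has_error"              => page_has_error(record),
      "has_error_tolerant"     => tolerant_has_error(record),
    }
  end
end

RESULTS = annotate(SAMPLE_LINES)
RESULTS.each_with_index { |r, i| puts "#{SAMPLE_LINES[i]} => #{r.to_json}" }
```

Because enable_ruby true evaluates the placeholder as Ruby, the body of either tolerant method can be used inside `${...}` in the `<record>` section.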

For more in-depth knowledge and various techniques on Fluentd, including conditional processing of log data, explore our comprehensive guide on collecting, processing, and shipping log data with Fluentd.
