logstash fileds if

https://sueboy.blogspot.com/2018/11/elk60filebeatdocumenttype.html

filebeat.yml

  
- type: log  
  paths:  
    - /var/log/geth.log  
  exclude_files: ['.gz$']  
  
  fields:  
    srctype: "geth"  
  

pipleline logstah.conf

if [fields][srctype] == “geth” {

BUT fields_under_root: true 

  
- type: log  
  paths:  
    - /var/log/geth.log  
  exclude_files: ['.gz$']  
  
  fields:  
    srctype: "geth"  
  fields_under_root: true  

if [srctype] == “geth” {