Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

logstash output to file and ignores codec

Tags:

file

output

logstash

could please someone explain to me, why logstash keeps ignoring "codec => plain => format" setting, I am trying to set?

Cfg file I am using:

 input {
        gelf {
                host => "[some ip]"
                port => 12201
        }
}

output {
        elasticsearch {
                host => "[some ip]"
                bind_port => "9301"
        }

        file {
                codec => plain {
                        format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
                }
                path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
        }
}

I thought I used the wrong format, tried different combinations like "%{time}" for fields and even tried to use constant text like:

codec => plain {format => "Simple line"}

But nothing seems to work. It outputs to the elasticsearch fine, create folder/files, but outputs it as JSON.

If anyone knows what is going on with it, please help. Thanks.

like image 588
user1946099 Avatar asked Apr 21 '15 20:04

user1946099

People also ask

What is Logstash codec?

A codec plugin changes the data representation of an event. Codecs are essentially stream filters that can operate as part of an input or output.

Can Logstash read from file?

Logstash Inputs The most common inputs used are file, beats, syslog, http, tcp, ssl (recommended), udp, stdin but you can ingest data from plenty of other sources.

What is Sincedb_path Logstash?

sincedb_path just needs to be a directory where logstash has write permission for the registry. sincedb_write_interval defines how often logstash should write the sincedb registry. A larger value puts you at risk in logstash were to crash.

Does Logstash work with OpenSearch?

OpenSearch Service supports the logstash-output-opensearch output plugin, which supports both basic authentication and IAM credentials. The plugin works with version 8.1 and lower of Logstash OSS.

1 Answers

Parameter message_format is deprecated and will be remove in future relases of Logstash. Instead of using message_format try something like this:

file {
  codec => line {
    format => "%{[time]} | %{[severity]} : /%{[thread]}/ %{[loggername]} (%{[sourcemethodname]}) - %{[message]}"
  }
  path => "/Users/[some user]/logs/%{host}/%{facility}-%{+YYYY-MM-dd}.log"
}

PS: your example using codec plain, try my with line.

like image 122
Rohlik Avatar answered Oct 08 '22 23:10

Rohlik
Sign in to Comment

Related questions

What is the reading limit of function 'read' in 'unistd.h'?
Objective C Load PDF file in UIWebView
How to determine if a path is a subdirectory of another?
How to get all text files from one folder using Java?
file.encoding has no effect, LC_ALL environment variable does it
How to programmatically create a client side file in Javascript that can be downloaded by the user? [duplicate]
Using python logging module to info messages to one file and err to another file [closed]
Confusion about Dir[] and File.join() in Ruby
I want to serialize and deserialize a ArrayList<Employee> but I keep getting warning?
Rename all files in folder to uppercase with batch
Can a char * or char ** masquerade as a FILE *?
Eclipse and Windows 7
Overhead vs. Speed of Code (java.io.File array vs. java.lang.String array)
Extract base path from a pathname in C
How to detect the finish with file_put_contents() in php?
Get $webclient.downloadstring to write to text file in Powershell
Reading a byte at certain position of a file in C++
Why does ftell() shows wrong position after fread()?
Importing files in Python?
Read certain key from certain section of ini file (sed/awk ?)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!