Can i define S3 output file content?

brandonbai · July 26, 2019, 4:29am

Hi,

When I use the following code to remove the message field,

filter {
....

 if "_grokparsefailure" not in [tags] {
    mutate {
      remove_field => [ "message" ]
    }
  }
....
}

the log content output to s3 becomes the following content:

2019-07-26T02:38:56.000Z {name=f2b7eda7958a} %{message}

From this I guess the s3 plugin will only get and output the message field.

Is there any way to make:

logstash version: 6.6.0

Thanks!

Badger · July 26, 2019, 12:43pm

That's the output from event.to_s, which is what the line codec uses if you do not supply a format. So supply a format...

output { s3 { codec => line { format => "..." ...

brandonbai · July 27, 2019, 1:38am

Hi Badger,

As you said, I also saw the relevant introduction in the official document.

Thanks!

system · August 24, 2019, 1:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Output only s3 file create events to elastic search and not the contents of the files Logstash	2	285	February 8, 2021
Logstash 2.4 - S3 output strange ${message} in file Logstash	7	1234	July 6, 2017
Logstash Elasticsearch output - one field only Logstash	6	752	November 10, 2022
Question about s3 output plugin Logstash	5	1065	April 13, 2018
Remove default fields from logstash output Logstash	2	3330	July 6, 2017