Can i define S3 output file content?

brandonbai · July 26, 2019, 4:29am

Hi,

When I use the following code to remove the message field,

filter {
....

 if "_grokparsefailure" not in [tags] {
    mutate {
      remove_field => [ "message" ]
    }
  }
....
}

the log content output to s3 becomes the following content:

2019-07-26T02:38:56.000Z {name=f2b7eda7958a} %{message}

From this I guess the s3 plugin will only get and output the message field.

Is there any way to make:

logstash version: 6.6.0

Thanks!

Badger · July 26, 2019, 12:43pm

That's the output from event.to_s, which is what the line codec uses if you do not supply a format. So supply a format...

output { s3 { codec => line { format => "..." ...

brandonbai · July 27, 2019, 1:38am

Hi Badger,

As you said, I also saw the relevant introduction in the official document.

Thanks!

system · August 24, 2019, 1:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash 2.4 - S3 output strange ${message} in file Logstash	7	1275	July 6, 2017
Question about s3 output plugin Logstash	5	1115	April 13, 2018
Remove default fields from logstash output Logstash	2	3354	July 6, 2017
Logstash output not working when using logstash-s3-plugin Logstash	4	1161	October 20, 2017
Logstash-output-s3 line termination Logstash	3	672	March 5, 2019