Conditional Output to stdout or http not working consistently. Only one condition works and behavior seems to tied to input file that's getting updated first.
Does anyone see any issue with the configuration? please provide your inputs, i am new to ELK.
Logstash version: 6.1.0,
input {
file {
type => "xferlog"
path => "/var/log/vsftpd/xferlog"
id => "xfer"
start_position => "end"
sincedb_path => "/var/log/xfersincedb"
stat_interval => 0.1
}
file {
type => "vsftpd"
path => "/var/log/vsftpd.log"
start_position => "end"
id => "vsftpd"
sincedb_path => "/var/log/vsftpdsincedb"
stat_interval => 0.1
}
file {
type => "sftp"
path => "/var/log/sftp/sftp.log"
start_position => "end"
id => "sftp"
sincedb_path => "/var/log/sftpsincedb"
stat_interval => 0.1
}
}
output {
if [type] == "xferlog" {
stdout { codec => json }
http {
http_method => "post"
url => "http://localhost:xxxx/xferlog"
id => "xfercall"
automatic_retries => 5
}
}
else if [type] == "sftp" {
stdout { codec => json }
http {
http_method => "post"
url => "http://localhost:xxxx/sftplog"
id => "sftpcall"
automatic_retries => 5
}
}
else if [type] == "vsftpd" {
stdout { codec => json }
http {
http_method => "post"
url => "http://localhost:xxxx/vsftpdsessionlog"
id => "vsftpdcall"
automatic_retries => 5
}
}
}