Hi, I have a CSV file that I am trying to get into Elastic through Logstash, using Filebeat to ship the file to Logstash. The Filebeat log shows that the CSV file is processed successfully, and Logstash does not report any errors when the file is sent to it, but no data shows up in Elastic. My Logstash config is below; can anyone please tell me what is wrong with it? (The "o365logs" files are processed correctly, but "cisco-prime" is a new source I added, and it is not working.) Thanks in advance.
# Beats listener: receives events shipped by Filebeat on TCP port 5044.
# No TLS options are set on this input, so as written it accepts plaintext
# connections from any host that can reach the port.
# NOTE(review): enable TLS on the beats input (ideally with client-certificate
# verification) or restrict access to port 5044 at the network layer.
input {
  beats {
    port => 5044
  }
}
# Parse CSV lines from two sources into named fields, then drop the raw line.
filter {
  # Source 1: events carrying the "o365logs" tag.
  if "o365logs" in [tags] {
    csv {
      columns => [ "Received","SenderAddress","RecipientAddress","Subject","Status","ToIP","FromIP","Size","MessageId","MessageTraceId" ]
      separator => ","
      # NOTE(review): with an explicit `columns` list, autodetect_column_names
      # is believed to have no effect in the csv filter; confirm against the
      # plugin version in use.
      autodetect_column_names => true
      skip_empty_columns => true
      skip_empty_rows => true
    }
    # NOTE(review): this removal is unconditional within the branch, so the raw
    # line is also discarded for events the csv filter could not parse (it tags
    # those _csvparsefailure). Keeping `message` on failures preserves the
    # evidence needed to investigate them.
    mutate {
      remove_field => [ "message" ]
    }
  }

  # Source 2: events whose [fields][log_type] equals "cisco-prime".
  # NOTE(review): this only matches if Filebeat attaches log_type under the
  # `fields` key (i.e. fields_under_root is not enabled for that input) and
  # the value is spelled exactly "cisco-prime"; verify the Filebeat config.
  if [fields][log_type] == "cisco-prime" {
    csv {
      columns => [ "AP Name","Base Radio MAC","Event Time","Associated Client Count","Authenticated Client Count" ]
      separator => ","
      # NOTE(review): same remark as above on autodetect_column_names combined
      # with an explicit `columns` list; confirm.
      autodetect_column_names => true
      skip_empty_columns => true
      skip_empty_rows => true
    }
    # Raw line is dropped here as well, including on parse failures.
    mutate {
      remove_field => [ "message" ]
    }
  }
}
# Ship events to Elasticsearch, choosing the index by source.
#
# Every output below uses plain http:// and sets no credentials, so events
# (for the o365 source this includes sender/recipient addresses and subjects)
# cross the network unencrypted, and the config assumes the cluster accepts
# unauthenticated writes.
# NOTE(review): move to https with certificate verification and a dedicated
# write-only account once the cluster has security enabled.
output {
  # Events tagged "o365logs" go to the fixed index o365-smtp.
  if "o365logs" in [tags] {
    elasticsearch {
      hosts => ["http://10.10.10.10:9200"]
      index => "o365-smtp"
    }
  }

  # cisco-prime events go to an index whose name is derived from the event
  # timestamp via the %{+YYYY.MM} date pattern.
  if [fields][log_type] == "cisco-prime" {
    elasticsearch {
      hosts => ["http://10.10.10.10:9200"]
      index => "logstash-ciscoprime-%{+YYYY.MM}"
    }
  }

  # This output is not wrapped in any condition, so every event, including
  # those already matched above, is also written to the plugin's default index.
  # NOTE(review): if this was meant as a catch-all, chain the three blocks with
  # `else if` / `else` to avoid double indexing. While troubleshooting, the
  # default index is a quick place to check whether cisco-prime events reach
  # Elasticsearch at all and what their [fields] and [tags] look like.
  elasticsearch {
    hosts => ["http://10.10.10.10:9200"]
  }
}