I want to extract some fields from my log file and write them to a file in csv format. Say I have a simple log file:
SimpleLog.txt:
Test.cpp:1234 error
Test.cpp:1277 success
Other.cpp:12 Error
Last.java:57 Succ
My logstash config file is as follows:
input {
beats {
port => "5043"
}
}
filter {
grok {
match => { "message" => "%{WORD:filename}\.%{WORD:suffix}:%{INT:line_no} %{WORD:msg}"}
}
}
output {
csv {
fields => [ "filename", "suffix" ]
path => "/home/molejnik/elk/test_output.csv"
csv_options => {
"col_sep" => "\t\t\t"
"row_sep" => "\r\n\n\n\n"
}
}
}
However, I get the following file produced by logstash:
test_output.csv:
2016-11-10T00:55:11.161Z molejnik-ux Test.cpp:1234 error2016-11-10T00:55:11.161Z molejnik-ux Test.cpp:1277 success2016-11-10T00:55:11.161Z molejnik-ux Other.cpp:12 Error2016-11-10T00:55:11.161Z molejnik-ux Last.java:57 Succ
So the log lines get written in full and without a separator.
Any ideas what I am doing wrong?