Dead Letter Queue DLQ

cglencr · October 24, 2019, 6:45pm

I have searched but cannot find any documentation or discussion on how to test the DLQ in 7.4.

I have set the logstash.yml for DLQ as:
dead_letter_queue.enable: true
path.dead_letter_queue: "C:/Applications/ElasticSearch/DeadLetterQueue"

But how to test this works? All of the help on this site explains

that you can only use it with an ElasticSearch output.
message are only sent to the DLQ when a 400 or 403 occurs
has examples on how to input message that exist in a DLQ

So any advice on how to actually get a message to show up in the DLQ would be appreciated.

Badger · October 24, 2019, 7:51pm

You can force a 400 with a mapping exception. The following should get a mapping exception for otherField when it tries to send the second event to elasticsearch.

input { generator { count => 1 lines => [ 'object', 'not' ] } }
filter {
    mutate { add_field => { "someField" => '{ "foo": 1 }' } }
    json { source => "someField" target => "otherField" }
    if [message] == "not" {
        mutate { replace => { "otherField" => "just a string" } }
    }
}

Topic		Replies	Views
Dead Letter Queue and its usage Logstash	7	2244	August 12, 2019
No events in DLQ Logstash	7	2700	August 23, 2017
Deadletter queue Logstash	2	297	July 9, 2020
Dead Letter Queue - Issue Logstash	6	1934	July 5, 2018
DLQ not enabled for logstasha Logstash	10	516	September 7, 2021

Dead Letter Queue DLQ

Related topics