Dead Letter Queue DLQ

cglencr · October 24, 2019, 6:45pm

I have searched but cannot find any documentation or discussion on how to test the DLQ in 7.4.

I have set the logstash.yml for DLQ as:
dead_letter_queue.enable: true
path.dead_letter_queue: "C:/Applications/ElasticSearch/DeadLetterQueue"

But how to test this works? All of the help on this site explains

that you can only use it with an ElasticSearch output.
message are only sent to the DLQ when a 400 or 403 occurs
has examples on how to input message that exist in a DLQ

So any advice on how to actually get a message to show up in the DLQ would be appreciated.

Badger · October 24, 2019, 7:51pm

You can force a 400 with a mapping exception. The following should get a mapping exception for otherField when it tries to send the second event to elasticsearch.

input { generator { count => 1 lines => [ 'object', 'not' ] } }
filter {
    mutate { add_field => { "someField" => '{ "foo": 1 }' } }
    json { source => "someField" target => "otherField" }
    if [message] == "not" {
        mutate { replace => { "otherField" => "just a string" } }
    }
}

system · November 21, 2019, 7:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Dead Letter Queue (DLQ) issue Logstash	2	1107	September 28, 2018
DLQ 7.1.0 not working Logstash	1	305	January 16, 2020
Dead Letter Queue and its usage Logstash	7	2043	August 12, 2019
Writing raw mapping_error events from the Logstash DLQ to Elasticsearch Logstash	1	493	October 7, 2020
DLQ Processing Logstash	2	477	January 3, 2023

Dead Letter Queue DLQ

Related topics