Error in Parsing logs

shruti51 · December 14, 2018, 1:05pm

HI,

My logstash configuration is:

input {
file {
path => "/opt/XXX/*.txt"
start_position => "beginning"
add_field => [ "log_type","xyz" ]
}
}

The filter part of this file is commented out to indicate that it is

optional.

filter {
if [log_type] == "xyz" {
dissect {
mapping => {
message => "%{act}|%{yui}|%{dsd}|%{ds}|%{ds}|%{dd}"
  	}
  }
}
}
output {
elasticsearch {
hosts => ["eee"]
manage_template => false
user => QQQ
password => WER
index => "ert"
}
stdout {
codec => rubydebug
}

}

Earlier ,it was working fine. Now it is throwing the error:
Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}

I have used "log_type" and not "type".It is throwing error now also.
Please help.

A_B · December 14, 2018, 4:30pm

Hi @shruti51,

It would be much easier to read your config if you would format your post better. Also, you ask a Logstash question in the Elasticsearch forum...

add_field should be a hash, not an array. I would start with changing that. And you are not assigning the value to log_type as you expect.

Try something like

input {
  file {
    path => "/opt/XXX/*.txt"
    start_position => "beginning"
    add_field => {
      "log_type" => "xyz"
    }
  }
}

-AB

system · January 11, 2019, 4:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash logging problem Logstash	16	608	May 22, 2019
Someone please clarify me on my configuration Logstash	7	589	May 25, 2017
Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>6} Logstash	3	16317	July 10, 2019
Output IF ELSE configuration error Logstash	8	35827	July 6, 2017
Logstash 6.x & type Logstash	5	6776	January 7, 2019

Error in Parsing logs

The filter part of this file is commented out to indicate that it is

optional.

Related topics