FileBeat Sending to logstash Need help parsing a CSV

Hey, guys, I am having an issue with my Filebeat yml config and was curious if any of you could spot anything obvious that I am missing?

Logstash conf

# Heralding
      if [type] == "Heralding" {
        csv {
          columns => ["timestamp","auth_id","session_id","src_ip","src_port","dest_ip","dest_port","proto","username","password"]
          separator => ","
        }
        date {
          match => [ "timestamp", "yyyy-MM-dd HH:mm:ss.SSSSSS" ]
          remove_field => ["timestamp"]
        }
      }

Filebeats yml

# Heralding
     -
        paths:
        - /data/heralding/log/auth.csv"
        input_type: log
        document_type: Heralding
        fields:
        fields_under_root: true

output.logstash:
   hosts:
      - 'my ip and this is the correct port for me:6990'
logging.level: debug
logging.selectors:
    - publish

What errors are you getting?

Not getting any errors, sadly; just nothing is being sent.

Can you share the log, on both the Logstash and the Beats side?

   "version": "5.6.1"
  },
  "input_type": "log",
  "json_error": "Error decoding JSON: invalid character 'i' in literal true (expecting 'r')",
  "offset": 111,
  "source": "/data/heralding/log/auth.csv",
  "type": "Heralding"
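
Added example, not part of the thread: Filebeat is written in Go, and the `json_error` text in the log above is the message Go's `encoding/json` returns for input that starts with `ti`. The sketch assumes the line being decoded is a CSV header beginning with `timestamp` (column names are taken from the Logstash config above, the data row is constructed), and it also parses a data row into those columns with the Go equivalent of the `date` pattern.

```go
package main

import (
	"encoding/csv"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Column names copied from the csv filter in the Logstash config above.
var columns = []string{"timestamp", "auth_id", "session_id", "src_ip", "src_port",
	"dest_ip", "dest_port", "proto", "username", "password"}
// Go layout equivalent to the Joda pattern "yyyy-MM-dd HH:mm:ss.SSSSSS".
const tsLayout = "2006-01-02 15:04:05.000000"

// jsonDecodeError JSON-decodes one log line; it returns "" for valid JSON, else the error text.
func jsonDecodeError(line string) string {
	var v interface{}
	if err := json.Unmarshal([]byte(line), &v); err != nil {
		return err.Error()
	}
	return ""
}

// parseAuthLine splits one CSV line into the named columns and parses its timestamp.
func parseAuthLine(line string) (map[string]string, time.Time, error) {
	rec, err := csv.NewReader(strings.NewReader(line)).Read()
	if err != nil {
		return nil, time.Time{}, err
	}
	if len(rec) != len(columns) {
		return nil, time.Time{}, fmt.Errorf("got %d fields, want %d", len(rec), len(columns))
	}
	ev := make(map[string]string, len(columns))
	for i, name := range columns {
		ev[name] = rec[i]
	}
	ts, err := time.Parse(tsLayout, ev["timestamp"])
	return ev, ts, err
}

func main() {
	// Constructed sample lines (assumed header, made-up data row), not taken from the thread.
	header := strings.Join(columns, ",")
	row := "2017-10-02 14:31:07.123456,a1,s1,203.0.113.5,51234,192.0.2.10,22,ssh,root,123456"
	fmt.Println(jsonDecodeError(header), "|", jsonDecodeError(row))
	ev, ts, err := parseAuthLine(row)
	fmt.Println(ev["src_ip"], ev["username"], ts, err)
}
```

A header line run through `parseAuthLine` fails at the timestamp step, which is the same place the Logstash `date` filter would fail to match on it.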
