Help with logstash csv and beats conf file

Hi,

I have an issue with my config file - any help appreciated

```
input {
  stdin {
    type => "stdin-type"
  }
  file {
    path => "/etc/logstash/data/test.csv"
    start_position => beginning
    # to read from the beginning of file
    sincedb_path => "/dev/null"
  }
  beats {
    type => "beats_events"
    port => 5044
  }
}
filter {
  if [type] == "stdin-type"
    csv {
      separator => ","
      columns => ["Domain", "Class", "ElementName", "InstanceDisplayName", "Event", "Count", "Owner", "Ticket", "FirstNotifiedAt", "snhSource", "snhZone", "snhID", "snhDuration", "Acknowledged", "Active", "Category", "Certainty", "ClassName", "ClearOnAcknowledge", "ElementClassName", "EventName", "EventState", "EventText", "EventType", "Impact", "InMaintenance", "InstanceName", "IsProblem", "IsRoot", "LastChangedAt", "LastClearedAt", "LastNotifiedAt", "Name", "Severity", "SourceEventType", "ConsoleNotifiedAt", "ServiceLevel", "TechType", "TicketArea", "Suppression", "RootAction", "ExternalIntegration", "Priority", "Customer", "TicketStatus"]
    }
}
##example from CSV FirstNotifiedAt 31/03/2018 23:58:00
filter {
  date {
    match => ["FirstNotifiedAt", "dd/MM/yyyy HH:mm:ss"]
    target => "@timestamp"
  }
}

## Add your filters / logstash plugins configuration here

output {
  if [type] == "stdin-type"
    elasticsearch {
      hosts => "xxx.xxx.xxx.xxx:9200"
      manage_template => false
      action => "index"
      index => "test01"
      user => "xxxxxxxxx"
      password => "xxxxxxxxxx"
    }
  stdout { codec => rubydebug }

}
output {
  if [type] == "beats_events"
    elasticsearch {
      hosts => "xxx.xxx.xxx.xxx:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      user => "xxxxxxxxx"
      password => "xxxxxxxxxx"
    }
}
```

stdout:

```
[2018-12-09T08:50:43,873][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, and, or, xor, nand, { at line 18, column 5 (byte 326) after filter {\n if [type] == "stdin-type"\n ", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2486:in `map'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:149:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:22:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:90:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:38:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:309:in `block in converge_state'"]}
```

@magnusbaeck - apologies for the tag, you have helped with a previous query...
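
For reference, an added example that is not part of the original post: the same pipeline with every conditional body wrapped in braces, which is the `{` the parser reports as missing after `if [type] == "stdin-type"`. Merging the two `output` sections into one `if` / `else if` chain and keeping `date` and `stdout` outside the conditionals are assumptions about the intended behaviour; hosts and credentials are the masked placeholders from the post.

```logstash
input {
  stdin { type => "stdin-type" }
  file {
    path => "/etc/logstash/data/test.csv"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
  beats {
    type => "beats_events"
    port => 5044
  }
}
filter {
  # A conditional body must be enclosed in braces.
  if [type] == "stdin-type" {
    csv {
      separator => ","
      columns => ["Domain", "Class", "ElementName", "InstanceDisplayName", "Event", "Count", "Owner", "Ticket", "FirstNotifiedAt", "snhSource", "snhZone", "snhID", "snhDuration", "Acknowledged", "Active", "Category", "Certainty", "ClassName", "ClearOnAcknowledge", "ElementClassName", "EventName", "EventState", "EventText", "EventType", "Impact", "InMaintenance", "InstanceName", "IsProblem", "IsRoot", "LastChangedAt", "LastClearedAt", "LastNotifiedAt", "Name", "Severity", "SourceEventType", "ConsoleNotifiedAt", "ServiceLevel", "TechType", "TicketArea", "Suppression", "RootAction", "ExternalIntegration", "Priority", "Customer", "TicketStatus"]
    }
  }
  # Kept outside the conditional, as in the post: evaluated for every event.
  date {
    match => ["FirstNotifiedAt", "dd/MM/yyyy HH:mm:ss"]
    target => "@timestamp"
  }
}
output {
  if [type] == "stdin-type" {
    elasticsearch {
      hosts => "xxx.xxx.xxx.xxx:9200"
      manage_template => false
      action => "index"
      index => "test01"
      user => "xxxxxxxxx"
      password => "xxxxxxxxxx"
    }
  } else if [type] == "beats_events" {
    elasticsearch {
      hosts => "xxx.xxx.xxx.xxx:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
      user => "xxxxxxxxx"
      password => "xxxxxxxxxx"
    }
  }
  stdout { codec => rubydebug }
}
```

The `file` input sets no `type`, so events read from `test.csv` match neither conditional and reach only `stdout`. Running Logstash with `--config.test_and_exit` checks the syntax without starting the pipeline.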
