Ayup,
I have a Docker setup (E, L & K w/ compose) which has its Logstash parsing custom logs. The "Sophos" pipeline only outputs to an elastic node.
However; Logstash It thinks its super funny to also print every single message to STDOUT despite there being no output for that.
It didn't originally do this, something changed in the pipeline during development. I think it might have started when I added RUBY maths in part of the pipeline, but I can't remove any of that as its in production now.
output {
elasticsearch {
hosts => "https://<elastic_host>:9200"
cacert => "<path>/ca.crt"
user => "logstash_writer"
password => "<pword>"
index => "sophos_xg-7.8.1-%{+MM.YYYY}"
ssl_certificate_verification => true
}
}
RUBY example (they're all like this):
ruby {
id => "calculate total_cpu"
code => "event.set('total_cpu', (100 - event.get('idle').to_f).round(2))"
}
So far I've tried:
- Using compose's
--log-level CRITICAL
- Explicitly disabling Logstash debug modes
- Swearing
Without using physical violence; how do I stop this occuring? It's taking up cycles to do this and making Logstash debuging hard af
Thanks!