I have a problem with the Logstash configuration.

This is my configuration file:

input {
  file {
    path => ["C:/Users/user03/Documents/sistema_TPG/88.-Elasticsearch/testlog.log"]
    start_position => "beginning"
    sincedb_path => "C:/logstash/logstash/sincedb/logdbpath.txt"
    sincedb_write_interval => 10
  }
}

filter {
  mutate {
    add_field => { "title" => "app test" }
    remove_field => ["tags", "host", "path", "@version", "column5", "@timestamp", "log-level"]
    rename => ["@timestamp", "date"]
  }
  grok {
    match => { "timestamp" => "^(?<date_registro>.{16})" }
    match => { "message" => "%{LOGLEVEL:log-level}" }
  }
  date {
    match => ["timestamp", "yyyy-MM-dd HH:mm:ss"]
  }
}

output {
  if [log-level] == "ERROR" {
    stdout { codec => rubydebug }
    elasticsearch {
      hosts => "http://localhost:9200"
      index => "website"
    }
  }
}

This is my log file:

2020-09-15 18:39:59 INFO NotificacionCumpleanios:70 - ingresa al proceso paso 1
2020-09-15 18:39:59 INFO NotificacionCumpleanios:70 - ingresa al proceso paso 2
2020-09-15 18:39:59 INFO NotificacionCumpleanios:70 - ingresa al proceso paso 3
2020-09-15 18:39:59 INFO NotificacionCumpleanios:70 - ingresa al proceso paso 4
2020-09-15 18:39:59 INFO NotificacionCumpleanios:70 - ingresa al proceso paso 5 dentro de Try
2020-09-15 18:39:59 ERROR NotificacionCumpleanios:42 - Exception: Esta es una Exception intencional

The problem I have is that when reading the [log-level] field, the matrix does not always work; when it does not, it is not evaluated and it is not sent to logstash, despite deleting the log file sincedb_path => "C:/logstash/logstash/sincedb/logdbpath.txt".

I work on the Windows operating system.

Thanks in advance.
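
A pipeline for the log format and the `[log-level]` condition in the post above, written as an added example and not the poster's own configuration. It parses each line before any field is removed, keeps `@timestamp`, and prints every event so that lines which fail to parse are visible. The field names `logger`, `line` and `detail` and the test-only `sincedb_path => "NUL"` setting are assumptions introduced here.

```logstash
# Added example, not the poster's config. Assumes Logstash on Windows and the
# sample log lines from the post saved at the same path.
input {
  file {
    path => ["C:/Users/user03/Documents/sistema_TPG/88.-Elasticsearch/testlog.log"]
    start_position => "beginning"
    # "NUL" is the Windows null device: no read offset is persisted, so the
    # whole file is re-read on every start. Use for testing only.
    sincedb_path => "NUL"
  }
}

filter {
  # Parse first, so the fields exist before anything renames or removes them.
  # logger, line and detail are field names chosen for this example.
  grok {
    match => {
      "message" => "^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log-level} %{DATA:logger}:%{INT:line} - %{GREEDYDATA:detail}$"
    }
  }

  # Set @timestamp from the parsed value and keep @timestamp in the event.
  date {
    match => ["timestamp", "yyyy-MM-dd HH:mm:ss"]
  }

  # Clean up only after parsing; "log-level" stays because the output tests it.
  mutate {
    add_field => { "title" => "app test" }
    remove_field => ["host", "path", "@version", "timestamp"]
  }
}

output {
  # Print every event, including ones tagged _grokparsefailure, so a line
  # that did not parse shows up instead of disappearing silently.
  stdout { codec => rubydebug }

  if [log-level] == "ERROR" {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "website"
    }
  }
}
```

The file input emits a line only once it has read the line's terminating newline, so the final ERROR line of the sample needs a trailing newline in the file before it becomes an event.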
