Hi folks,
ssl.json:
[
I'm trying to store the new incoming json data(see above) in separate index with fields namae grabbing by json, but my fault most likely is not enough experience on this matter and I have as a result that all data is stored in one big message field like:
To get it, i setup a http server:
input {@metadata ][type]}"
posting data to elastic
curl -XPOST http://192.168.1.2:8088/ssl-events -d '@ssl.json '
The question is: how to setup in the configuration to be able to store the data in elastic field like in json file:
"certname": "host1"
Your configuration looks reasonable. For now, replace the elasticsearch output with a stdout { codec => rubydebug } output. What do you get in the Logstash log when you post ssl.json to Logstash?
replace => [ "message", "%{message}" ]
This doesn't make any sense.
codec => json
Remove.
Thanks for your reply!
[2017-10-27T07:29:02,883][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<NameError: undefined local variable or method dotfile' for #<AwesomePrint::Inspector:0x8dfd0b>>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/1.9/gems/awesome_print-1.8.0/lib/awesome_print/inspector.rb:163:in merge_custom_defaults!'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/awesome_print-1.8.0/lib/awesome_print/inspector.rb:50:in initialize'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/awesome_print-1.8.0/lib/awesome_print/core_ext/kernel.rb:9:in ai'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-rubydebug-3.0.4/lib/logstash/codecs/rubydebug.rb:39:in encode_default'", "org/jruby/RubyMethod.java:120:in call'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-codec-rubydebug-3.0.4/lib/logstash/codecs/rubydebug.rb:35:in encode'", "/usr/share/logstash/logstash-core/lib/logstash/codecs/base.rb:50:in multi_encode'", "org/jruby/RubyArray.java:1613:in each'", "/usr/share/logstash/logstash-core/lib/logstash/codecs/base.rb:50:in multi_encode'", "/usr/share/logstash/logstash-core/lib/logstash/outputs/base.rb:90:in multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/single.rb:15:in multi_receive'", "org/jruby/ext/thread/Mutex.java:149:in synchronize'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/single.rb:14:in multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator.rb:49:in multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:436:in output_batch'", "org/jruby/RubyHash.java:1342:in each'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:435:in output_batch'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:381:in worker_loop'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:342:in start_workers'"]}
and I'm getting expected behaviour from curl that server is down:
curl: (52) Empty reply from server
and after that logstash is auto restarting by initctl and return to normal state.
Appears to be a known bug (https://github.com/logstash-plugins/logstash-output-stdout/issues/11 ). You can use a json_lines codec instead.
Fixed for now.
system
December 11, 2017, 9:14pm
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
