KV filter is not working with FILE input

Elastic Stack Logstash
1

input {
file {
path => "/prod/onic_app*.log"
start_position => beginning
source => onic_tomcat_app
}
file {
path => "/prod/onic__perf*.log"
start_position => beginning
source => onic_tomcat_perf
}
file {
path => "/prod/onic__sys*.log"
start_position => beginning
source => onic_tomcat_sys
}
beats {
port => “5044”
}
}

filter {
grok {
match => {“message” => “%{MONTHDAY} %{MONTH} %{YEAR} %{TIME},%{NUMBER:duration} %{WORD:loglevel} %{WORD:Activity} [{%{DATA:foo1}}]:(.*) execution time: %{NUMBER:executionTime} ms”}
}
kv {
source => "foo1"
field_split => ", "
}
}
output {
elasticsearch {
hosts => “localhost:9200”
#manage_template => false
index => onic
user => elastic
password => elasticpassword
}
#stdout { codec => rubydebug}
}

And it gives me this error

ERROR logstash.inputs.file - Unknown setting ‘source’ for file

2

ERROR logstash.inputs.file - Unknown setting ‘source’ for file

Yes, the file input doesn't have a source option (always consult the docs when doubt about the availability of various options). I don't even know what you're trying to do here. Did you mean type?

3

i was trying to match the source field that i have set in file beat . I thought if i set a field source in the filebeat.yml same thing i can use in logstash config. But you cleared my doubt. Thanks so much.

4

Yes i should define type instead of Source :slight_smile:

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.