Logstash 5.5 and pipelines

Burga · June 17, 2020, 2:02pm

Hi , I'm facing Logstash 5.5 , is it right to create multiple pipelines under conf.d directory ?

I just created 2 pipelines with 2 different ports and it seems working but I get all messages into all of them unrelated to the ports they are listening to

input {
  beats {
    port => "5041"
    client_inactivity_timeout => 600
    codec => multiline {
      pattern => "(^(%{TIME})|(%{DATESTAMP})|(%{TIMESTAMP_ISO8601})|(\[%{MONTHDAY} %{MONTH} %{YEAR} %{TIME}\]) |(%{MONTH} %{MONTHDAY}, ))|(\{)"
      negate => true
      what => previous
      max_lines => 5000
    }
  }
}

input {
  beats {
    port => "5042"
    client_inactivity_timeout => 600
    codec => multiline {
      pattern => "(^(%{TIME})|(%{DATESTAMP})|(%{TIMESTAMP_ISO8601})|(\[%{MONTHDAY} %{MONTH} %{YEAR} %{TIME}\]) |(%{MONTH} %{MONTHDAY}, ))|(\{)"
      negate => true
      what => previous
      max_lines => 5000
    }
  }
}

so am I right all log records moving twice to elastic ? one to each pipeline ?

if it creates doubles in the elastic what are the options if I want to split to diff pipelines ?

Thanks in advance.

Christian_Dahlqvist · June 17, 2020, 2:06pm

Separate files does not mean separate pipelines as logstash concatenates all files into a single pipeline by default. You need to use conditionals to control flow or use pipelines.yml to separate the pipelines and link to the config Giles.

Burga · June 17, 2020, 2:10pm

Thank you for explanation , but can I use pipeline.yml in my 5.5 version ?

I don't see it under /etc/logstash folder .

Christian_Dahlqvist · June 17, 2020, 2:12pm

Maybe not. Do not remember when that was added.

Burga · June 18, 2020, 4:15am

Thank you

system · July 16, 2020, 4:15am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.