Logstash 7.0.1 output to CSV empty

etsai7 · June 25, 2019, 3:53pm

Edit: Never mind, I was able to figure it out. The issue was stemming from a wrong location output.

Hello,

I am trying to output Netflow data out to a csv using Logstash 7.0.1. For testing purposes, I am only including the flow.bytes field for the CSV. Here is my conf file:

input{
  elasticsearch{
    hosts => ["10.100.1.2:9200"]
    index => "elastiflow-*"
    query => '{"query": { "bool": { "must": {"match_all": {}}}}}'
  }
}

output{
  csv{
    fields => ["[flow][bytes]"]
    path => "./data/output_ElastiFlow_test.csv"
  }
}

Output Logs:

[testuser@mtfx2 logstash-7.0.1]$ bin/logstash -f conf_files/elastiflow-output.conf 
Sending Logstash logs to /home/testuser/Downloads/ELK/logstash-7.0.1/logs which is now configured via log4j2.properties
[2019-06-25T08:00:50,359][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-06-25T08:00:50,373][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.0.1"}
[2019-06-25T08:00:55,365][INFO ][logstash.javapipeline    ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>20, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>2500, :thread=>"#<Thread:0x1426c965 run>"}
[2019-06-25T08:00:55,723][INFO ][logstash.javapipeline    ] Pipeline started {"pipeline.id"=>"main"}
[2019-06-25T08:00:55,794][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-06-25T08:00:56,156][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9601}
[2019-06-25T08:00:57,136][INFO ][logstash.outputs.csv     ] Opening file {:path=>"/home/testuser/Downloads/ELK/logstash-7.0.1/data/output_ElastiFlow_test.csv"}
[2019-06-25T08:01:03,935][INFO ][logstash.runner          ] Logstash shut down.

How does my configuration look?

Thanks,
Eric

system · July 23, 2019, 3:53pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash csv output plugin problem Logstash	9	1147	August 11, 2020
Logstash Output CSV Plugin produces no content in the output file Logstash	1	3450	July 6, 2017
Logstash CSV output to Kibana Logstash	2	583	November 14, 2017
ElasticSearch/Logstash input to CSV output mapping question Logstash	5	1768	December 15, 2016
Netflow module Logstash	11	2372	June 7, 2018

Logstash 7.0.1 output to CSV empty

Related topics