Logstash 7.1 indexing to elasticsearch problem

wcpoon · May 28, 2019, 2:56am

Hi guys,

I got a problem on logstash 7.1
Before that in logstash 6.7, i do not have this problem. My indexing name is logstash-2019.x.x
My logstash 7.1 index to elasticsearch is only one index file instead of everyday create one index file. Now the indexing name is logstash, and keep all the data in one file only.

Is it my output config is wrong?

below are my logstash config,

   input {
      tcp {
        port => 5514
        type => syslog
      }
      udp {
        port => 5514
        type => syslog
        }
    }

filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  elasticsearch { hosts => ["10.3.3.41:9200"] }
  stdout { codec => rubydebug }
}

cip_indy · May 28, 2019, 2:31pm

Add to elasticsearch output this line "index => "index-name-%{+YYYY.MM.dd}""

system · June 25, 2019, 2:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash-Syslog Configuration in 7.0 Logstash	7	1148	June 24, 2019
Logstash creating day based indexes Logstash	5	1138	July 6, 2017
Logstash Elasticsearch Output into wrong index Logstash	1	343	June 20, 2019
How to configure indexes in logstash Elasticsearch	2	599	June 23, 2019
Logstash not appending date to ES indices Logstash	7	1295	January 8, 2020

Logstash 7.1 indexing to elasticsearch problem

Related topics