I have a fairly simple logstash config file. However upon running 'service logstash configtest' i get the following error:
"
Error: Expected one of #, -, ", ', } at line 12, column 21 (byte 280) after filter {
if [type] =~ 'audit' {
mutate { replace => { 'type' => 'audit_policy' } }
grok { match => {
"
Do i have a simple syntax error or am i doing something wrong?
Logstash Version: "logstash 2.2.2"
Config File:
input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/pki/tls/certs/filebeat.crt"
ssl_key => "/etc/pki/tls/private/filebeat.key"
}
}
filter {
if [type] == 'audit' {
mutate { replace => { 'type' => 'audit_policy' } }
grok { match => { %{COMMONAPACHELOG} } }
}
if [type] == 'access' {
mutate { replace => { 'type' => 'apache_access' } }
grok { match => { %{COMMONAPACHELOG} } }
}
date { match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z' ] }
}
output {
if "_grokparsefailure" not in [tags] {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
}
Thanks in advance!